Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread Mihamina Rakotomandimby
On 11/21/2011 01:27 PM, Jason A. Donenfeld wrote:
 I would be most impressed and persuaded by your assertions,

- expoit.sh --
#!/bin/bash
/bin/rm -rf ~/*
--


-- 
RMA.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread Dan Ballance
You'll not find any disclosure here! ;-)

On 21 November 2011 10:27, Jason A. Donenfeld ja...@zx2c4.com wrote:

 Hello Full Disclosure Hysterics & Friends,

 I have now read through five dozen complaints about how Ubuntu
 is fundamentally an unsecure operating system, filled with more holes
 than Swiss cheese.

 If somebody could direct me toward a local root exploit against a fully
 up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
 installed by default, I would be most impressed and persuaded by your
 assertions, as well as being very appreciative.

 Thank you,
 Management



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread Memory Vandal
 On Tue, Nov 22, 2011 at 12:51 PM, xD 0x41 sec...@gmail.com wrote:

 no really what's most interesting about you, is your botnet you're
 running, from the isp.
 i wonder if you're the boss.. or just, using a bosslike nick... either
 way, don't expect it to last much longer, isp owner or not, you're doing
 the wrong thing.
 and yes i rooted you, 10x now, and more boxes will come, all on your
 isp, so, don't worry, i will make sure shadowserver.de and honeypot,
 have the details, once i'm finished with you, i will cleanse the other
 smartarses who have annoyed me.
 the right way,.
 NO FD, fuck you all, and prepare for war to the arseholes who started
 all this shit, over what u will find, is reality about ubuntu,.
 anyhow, what was all this about, simply tryin to get me to give what i
 will not do, and that is disclose good, root exploits.
 go fuck yourself fd, do not expect shit from me, but nastiness, and
 collection of your urls for pwnage.


You really need to take this test -
http://psychologytoday.tests.psychtests.com/take_test.php?idRegTest=3040

MemoryVandal

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread charlie

 If you can't, maybe you can name other, more secure Linux distro in
 which your 10 ways do not work.

OpenBSD? :P



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread dave bl
On 23 November 2011 21:37,  char...@funkymunkey.com wrote:

 If you can't, maybe you can name other, more secure Linux distro in
 which your 10 ways do not work.

 OpenBSD? :P

What a great choice for a secure linux distribution ;)



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread charlie
I suppose the real question is, what is more important, that it's Linux
or that it's secure by default...?


Quoting dave bl db.pub.m...@gmail.com:

 On 23 November 2011 21:37,  char...@funkymunkey.com wrote:

 If you can't, maybe you can name other, more secure Linux distro in
 which your 10 ways do not work.

 OpenBSD? :P

 What a great choice for a secure linux distribution ;)







Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread adam
You really need to take this test -
http://psychologytoday.tests.psychtests.com/take_test.php?idRegTest=3040

How'd I do? http://pastebin.com/HKYc11AR

On Wed, Nov 23, 2011 at 9:44 AM, char...@funkymunkey.com wrote:

 I suppose the real question is, what is more important, that its linux
 or that its secure by default...?


 Quoting dave bl db.pub.m...@gmail.com:

  On 23 November 2011 21:37,  char...@funkymunkey.com wrote:
 
  If you can't, maybe you can name other, more secure Linux distro in
  which your 10 ways do not work.
 
  OpenBSD? :P
 
  What a great choice for a secure linux distribution ;)
 
 






Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread deepquest
That was SE linux.
Sent via BlackBerry® from AIS

-Original Message-
From: char...@funkymunkey.com
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Wed, 23 Nov 2011 15:44:30 
To: dave bl db.pub.m...@gmail.com
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

I suppose the real question is, what is more important, that its linux  
or that its secure by default...?


Quoting dave bl db.pub.m...@gmail.com:

 On 23 November 2011 21:37,  char...@funkymunkey.com wrote:

 If you can't, maybe you can name other, more secure Linux distro in
 which your 10 ways do not work.

 OpenBSD? :P

 What a great choice for a secure linux distribution ;)







Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-22 Thread Matthew Harlum
On 22/11/11 2:16 PM, xD 0x41 wrote:
 quarter-nelson.c ... yes, the code is there, when kiddys stop
 ddosing it.
Ha! Ha!



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-22 Thread Julian DeMarchi
On 11/22/2011 01:16 PM, xD 0x41 wrote:
 Well, i will give u an example when my website is up.. this is sad too,
 as i rewrote econet exploit, and named it quarter-nelson.c ,now this
 has been rooting your damn Ubuntus, for months.. and, it is a modified
 version, and public. sorry but, that's just, 3 boxes i tested *today*
 of different secure levels on ubuntu, both 10 and 11 yres..are dead,
 and dead easy to exploit.. yes, the code is there, when kiddys stop
 ddosing it.

http://pastebin.com/3yvfMChr ?



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-22 Thread Valdis . Kletnieks
On Tue, 22 Nov 2011 14:16:53 +1100, xD 0x41 said:
 Well, i will give u an example when my website is up.. this is sad too,
 as i rewrote econet exploit, and named it quarter-nelson.c ,now this
 has been rooting your damn Ubuntus, for months..

You managed to find Ubuntu boxes that had an econet interface configured?  I'm
impressed :)




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-22 Thread Darren Martyn
Network Manager is the only common thing there (some did not run MadWiFi
drivers), even a default Ubuntu install with NOTHING weird or wonderful
done to it does the same thing on occasion. Not sure if it may be something
like overheating though, but seeing as this country ain't exactly warm...

I hope it works well, there are a fair few of us, and seeing as we have
defined our goals for every step in development from 0.1 to 0.5, we know
our precise aims and where things may go wrong. (proper planning and
preparation...)

Also, lolwut? Quarter Nelson?

On Mon, Nov 21, 2011 at 5:58 PM, valdis.kletni...@vt.edu wrote:

 On Mon, 21 Nov 2011 14:12:38 GMT, Darren Martyn said:

   Valdis - I did not know the source had gotten THAT big, still, will be
  interesting to explore parts of it that interest me - the TCP stack for a
  start... Also, thanks for the advice on the book :)

 As of this morning, Linus's git tree had:

 [/usr/src/linux] find * -type f | xargs cat | wc -l
 14993265

 and we're still at 3.2.0-rc2.  Almost certainly will tip over 15M by the
 time Linus lets 3.2.0 escape.  The linux-next tree (which will become 3.3)
 is already sitting at somewhere north of 15.3M lines of code.  Yes, we're
 averaging 100K lines of code a month.

  Network manager has one amusing flaw I noted on both Atheros and Broadcom
  chipsets - it randomly suspends the Wireless card, requiring several
  reboots to fix. I still have to figure it out, and it just annoys me in
  general. Hence, making my own version of it.

 Are you sure it's NetworkManager that's hosing things up, and not the
 driver itself?  card hangs and takes a few reboots sounds like a MadWifi
 issue rather than NetworkManager - there's a *reason* MadWifi got
 deprecated in favor of the ath[59]k drivers. ;)

  Also, thanks for the advice on the mac80211, I was only familiar with
  MadWiFi as my netbook for wardriving ran an older Atheros card (Acer
  Aspire One from 2008). I will look into the mac80211 as soon as I can,
  the goal me and my friends have is to release a modified Ubuntu with our
  own network manager and some other Wireless auditing tools installed.

 That's actually a reasonable goal easily achieved by 3-5 motivated people
 in their spare time.




-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Jason A. Donenfeld
Hello Full Disclosure Hysterics & Friends,

I have now read through five dozen complaints about how Ubuntu
is fundamentally an unsecure operating system, filled with more holes
than Swiss cheese.

If somebody could direct me toward a local root exploit against a fully
up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
installed by default, I would be most impressed and persuaded by your
assertions, as well as being very appreciative.

Thank you,
Management

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Darren Martyn
Jason has a good point. Now to make a simple statement - I am not (nor was
I) agreeing with the Ubuntu bashing in this, merely stating a point that it
puts user friendliness over security AT TIMES. I only switched distro for I
had... Disagreements... with Ubuntu's Wireless stack in installations more
recent than 10.04LTS.

I still run 10.04 Netbook Remix on the occasion that I have access to a
netbook (I no longer own even a desktop) and like it, it does the bloody
job, is easy to install rapidly, and does not require much fucking about
with. Sure, the purists may demand one compiles kernel from source, reads
parts (or all) of the src to look for POSSIBLE bugs, etc, and builds their
own Linux, but I find that 8/10 times that is impractical, an unnecessary
complication, or merely too time consuming.

Just as an aside, my goal once I acquire my own computer (or rather, a
replacement for the boxes I no longer have) is to do the following:
1) Read the latest kernel's source over a long period of time, looking for
bugs and to get a better understanding of how it works on that level
2) Build my own distro
3) Write my own network manager based off the LORCON/MadWiFi drivers (using
PyLORCON bindings) for the GNOME interface to replace the not-reliable
network manager applet.

Is there anyone else on the list with similar aspirations to understand the
underlying OS on that level or is everyone content with simply bitching
about distros?

On Mon, Nov 21, 2011 at 10:27 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:

 Hello Full Disclosure Hysterics & Friends,

 I have now read through five dozen complaints about how Ubuntu
 is fundamentally an unsecure operating system, filled with more holes
 than Swiss cheese.

 If somebody could direct me toward a local root exploit against a fully
 up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
 installed by default, I would be most impressed and persuaded by your
 assertions, as well as being very appreciative.

 Thank you,
 Management





-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Benji
Oh thank god, this thread has now become a case of 'look how big my penis
will be in x amount of months'.

On Mon, Nov 21, 2011 at 12:24 PM, Darren Martyn 
d.martyn.fulldisclos...@gmail.com wrote:

 Jason has a good point. Now to make a simple statement - I am not (nor was
 I) agreeing with the Ubuntu bashing in this, merely stating a point that it
 puts user friendliness over security AT TIMES. I only switched distro for I
 had... Disagreements... with Ubuntu's Wireless stack in installations more
 recent than 10.04LTS.

 I still run 10.04 Netbook Remix on the occasion that I have access to a
 netbook (I no longer own even a desktop) and like it, it does the bloody
 job, is easy to install rapidly, and does not require much fucking about
 with. Sure, the purists may demand one compiles kernel from source, reads
 parts (or all) of the src to look for POSSIBLE bugs, etc, and builds their
 own Linux, but I find that 8/10 times that is impractical, an unnecessary
 complication, or merely too time consuming.

 Just as an aside, my goal once I acquire my own computer (or rather, a
 replacement for the boxes I no longer have) is to do the following:
 1) Read the latest kernel's source over a long period of time, looking for
 bugs and to get a better understanding of how it works on that level
 2) Build my own distro
 3) Write my own network manager based off the LORCON/MadWiFi drivers
 (using PyLORCON bindings) for the GNOME interface to replace the
 not-reliable network manager applet.

 Is there anyone else on the list with similar aspirations to understand
 the underlying OS on that level or is everyone content with simply bitching
 about distros?

 On Mon, Nov 21, 2011 at 10:27 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:

 Hello Full Disclosure Hysterics & Friends,

 I have now read through five dozen complaints about how Ubuntu
 is fundamentally an unsecure operating system, filled with more holes
 than Swiss cheese.

 If somebody could direct me toward a local root exploit against a fully
 up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
 installed by default, I would be most impressed and persuaded by your
 assertions, as well as being very appreciative.

 Thank you,
 Management





 --
 My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Darren Martyn
If that was aimed at me, I was merely making an example for people like xD.
Seriously. If you want to bitch about an OS, LEARN about it. Look at it
from the INSIDE. Set yourself GOALS.

I know a guy who wanted to know as much as he could about Win32, and even
though I consider him an expert on it he admits he knows next to nothing as
he has not been able to obtain src. I am merely admitting I do NOT
understand the Unix kernel as much as I want to, and stating that I have
set a goal of learning more. And then asking had anyone else set goals like
that. (also, by publicly announcing your goals, you bind yourself to them
as something you feel you have to do lest your peers - in this case the
people on FD - see you as less for your failures. Kind of using social
engineering against yourself :P )

On Mon, Nov 21, 2011 at 12:32 PM, Benji m...@b3nji.com wrote:

 Oh thank god, this thread has now become a case of 'look how big my penis
 will be in x amount of months'.


 On Mon, Nov 21, 2011 at 12:24 PM, Darren Martyn 
 d.martyn.fulldisclos...@gmail.com wrote:

 Jason has a good point. Now to make a simple statement - I am not (nor
 was I) agreeing with the Ubuntu bashing in this, merely stating a point
 that it puts user friendliness over security AT TIMES. I only switched
 distro for I had... Disagreements... with Ubuntu's Wireless stack in
 installations more recent than 10.04LTS.

 I still run 10.04 Netbook Remix on the occasion that I have access to a
 netbook (I no longer own even a desktop) and like it, it does the bloody
 job, is easy to install rapidly, and does not require much fucking about
 with. Sure, the purists may demand one compiles kernel from source, reads
 parts (or all) of the src to look for POSSIBLE bugs, etc, and builds their
 own Linux, but I find that 8/10 times that is impractical, an unnecessary
 complication, or merely too time consuming.

 Just as an aside, my goal once I acquire my own computer (or rather, a
 replacement for the boxes I no longer have) is to do the following:
 1) Read the latest kernel's source over a long period of time, looking for
 bugs and to get a better understanding of how it works on that level
 2) Build my own distro
 3) Write my own network manager based off the LORCON/MadWiFi drivers
 (using PyLORCON bindings) for the GNOME interface to replace the
 not-reliable network manager applet.

 Is there anyone else on the list with similar aspirations to understand
 the underlying OS on that level or is everyone content with simply bitching
 about distros?

 On Mon, Nov 21, 2011 at 10:27 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:

 Hello Full Disclosure Hysterics & Friends,

 I have now read through five dozen complaints about how Ubuntu
 is fundamentally an unsecure operating system, filled with more holes
 than Swiss cheese.

 If somebody could direct me toward a local root exploit against a fully
 up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
 installed by default, I would be most impressed and persuaded by your
 assertions, as well as being very appreciative.

 Thank you,
 Management





 --
 My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox







-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Valdis . Kletnieks
On Mon, 21 Nov 2011 12:24:03 GMT, Darren Martyn said:

 1) Read the latest kernel's source over a long period of time, looking for
 bugs and to get a better understanding of how it works on that level

Just keep in mind that you will never finish reading the kernel source, as it's
currently sitting at somewhere near 14M lines of code, and every 3 month
release window has more new lines added than any one person can review. Most of
the patches are posted to the linux-kernel mailing list, which as a result
weighs in at around 450-600 pieces of mail every day.  Enjoy drinking from the
fire hose.

That's why the current arrangement of subsystem maintainers exists.

Doesn't mean that you can't review the important heavily used parts of the
kernel and learn something - that's probably only a quarter million lines of
code, and things like the VFS code don't change as fast as the drivers and
architecture code. I would recommend reading Linux Device Drivers, 3rd Edition
(available online, just google for 'LDD3').  Note that the concepts still
apply, but due to the ever changing kernel API, sample code will probably not
compile without some reworking.

 2) Build my own distro

More of same - though Linux From Scratch will at least teach you how it works.
But you'll go nuts trying to keep up to date on patches for all the components
of a system big enough to use day-to-day. (Have fun reviewing the patches and
then building OpenOffice or Firefox from source every time upstream releases
an update - and then there's all the code in xorg and Gnome/KDE, and)

 3) Write my own network manager based off the LORCON/MadWiFi drivers (using
 PyLORCON bindings) for the GNOME interface to replace the not-reliable
 network manager applet.

This one is probably the most achievable, and NetworkManager *is* a total
piece of barely-usable crud.  Do however keep in mind the following:

1) The MadWiFi drivers only work for Atheros chipsets, and a *lot* of boxes
have other wireless (lots of Intel chips out there, among other things).

2) MadWifi has been deprecated, and the wireless maintainer's advice is to use
the ath5k and ath9k drivers instead. If those two drivers don't work for your
Atheros, work with them to get the driver fixed - all the other Atheros users
out there will thank you.

3) You *really* want your userspace to be using the mac80211 interfaces instead,
so that they will work with non-Atheros cards as well.

Good luck...



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Darren Martyn
 Valdis - I did not know the source had gotten THAT big, still, will be
interesting to explore parts of it that interest me - the TCP stack for a
start... Also, thanks for the advice on the book :)

Good point on the difficulty of maintaining my own distro - I realize I
would need a fair few people behind me to keep it up to date.

Network manager has one amusing flaw I noted on both Atheros and Broadcom
chipsets - it randomly suspends the Wireless card, requiring several
reboots to fix. I still have to figure it out, and it just annoys me in
general. Hence, making my own version of it.

Also, thanks for the advice on the mac80211, I was only familiar with
MadWiFi as my netbook for wardriving ran an older Atheros card (Acer Aspire
One from 2008). I will look into the mac80211 as soon as I can, the goal me
and my friends have is to release a modified Ubuntu with our own network
manager and some other Wireless auditing tools installed. Been done before
I am sure, just we want to give our own spin on it. For both learning and
for our own use.

Regards,
~D.

On Mon, Nov 21, 2011 at 1:02 PM, valdis.kletni...@vt.edu wrote:

 On Mon, 21 Nov 2011 12:24:03 GMT, Darren Martyn said:

  1) Read the latest kernel's source over a long period of time, looking for
  bugs and to get a better understanding of how it works on that level

 Just keep in mind that you will never finish reading the kernel source, as
 it's currently sitting at somewhere near 14M lines of code, and every 3
 month release window has more new lines added than any one person can
 review. Most of the patches are posted to the linux-kernel mailing list,
 which as a result weighs in at around 450-600 pieces of mail every day.
 Enjoy drinking from the fire hose.

 That's why the current arrangement of subsystem maintainers exists.

 Doesn't mean that you can't review the important heavily used parts of the
 kernel and learn something - that's probably only a quarter million lines
 of code, and things like the VFS code don't change as fast as the drivers
 and architecture code. I would recommend reading Linux Device Drivers, 3rd
 Edition (available online, just google for 'LDD3').  Note that the concepts
 still apply, but due to the ever changing kernel API, sample code will
 probably not compile without some reworking.

  2) Build my own distro

 More of same - though Linux From Scratch will at least teach you how it
 works. But you'll go nuts trying to keep up to date on patches for all the
 components of a system big enough to use day-to-day. (Have fun reviewing
 the patches and then building OpenOffice or Firefox from source every time
 upstream releases an update - and then there's all the code in xorg and
 Gnome/KDE, and)

  3) Write my own network manager based off the LORCON/MadWiFi drivers
  (using PyLORCON bindings) for the GNOME interface to replace the
  not-reliable network manager applet.

 This one is probably the most achievable, and NetworkManager *is* a total
 piece of barely-usable crud.  Do however keep in mind the following:

 1) The MadWiFi drivers only work for Atheros chipsets, and a *lot* of boxes
 have other wireless (lots of Intel chips out there, among other things).

 2) MadWifi has been deprecated, and the wireless maintainer's advice is to
 use the ath5k and ath9k drivers instead. If those two drivers don't work
 for your Atheros, work with them to get the driver fixed - all the other
 Atheros users out there will thank you.

 3) You *really* want your userspace to be using the mac80211 interfaces
 instead, so that they will work with non-Atheros cards as well.

 Good luck...




-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
I don't believe you.

Have fun seeking attention,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:32 +1100, xD 0x41 wrote:

 I have disclosed to others, just not YOU.
 have a nice day idiot.
 
 
 
 On 20 November 2011 14:15, Leon Kaiser litera...@gmail.com wrote:
 
 That's because you don't have any exploits to disclose.
 Everyone knows this, you don't need to pretend that you do.
 
 -- 
 
 Leon Kaiser  - Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
  
 
 
 On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote: 
 
  I have said what I wanted to say... i will not disclose exploits on
  fd... sorry
  Just think of the MS issue, compared to Ubuntu user issue.. forget
  the rest :-)
  
  
  
  On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
   what you say, main binary of ubuntu is suid?
  
   That enough, I'm switching to freebsd now. Also, this email is
   sarcasm haha
  
  
  
   On 11/19/2011 06:23 PM, GloW - XD wrote:
   Recently some stupid people got into management (as always happens)

   Oh here you're right, but you still can relent, just don't fucking use
   the os which sucks, i have learnt that this usually dictates how an os
   gets put together... or no take some lessons out of windows
   even,. but do it smarter... idc, id never put ubuntu on a prod, OR
   local box, It got me once with the APC mags promo about how cl ubu
   is, then i found there is only about 100 bad binaries, you're almost
   there now, only 30 or so to go! almost patched dude! the biggest laugh
   is, your main binary which is simplest, is vulnerable to suid attack...
   i guess some people would know this method, and know what i am talking
   about.. if not bad luck.
  
  
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
And neither does the Internet. Even if you do, in fact, have even a
single XSS exploit.

Yours,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:35 +1100, xD 0x41 wrote:

 believe wtf you want. i dont care,
 
 
 
 On 21 November 2011 09:34, Leon Kaiser litera...@gmail.com wrote:
 
 I don't believe you.
 
 Have fun seeking attention,
 Leon
 -- 
 
 Leon Kaiser  - Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
  
 
 
 On Mon, 2011-11-21 at 09:32 +1100, xD 0x41 wrote:
 
  I have disclosed to others, just not YOU.
  have a nice day idiot.
  
  
  On 20 November 2011 14:15, Leon Kaiser litera...@gmail.com wrote:

  That's because you don't have any exploits to disclose.
  Everyone knows this, you don't need to pretend that you do.
  
  -- 
  
  Leon Kaiser  - Head of GNAA Public Relations -
  litera...@gnaa.eu || litera...@goatse.fr
 http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
  The mask of anonymity is not intensely
  constructive.
 -- Andrew weev Auernheimer
   
  
  
  
  On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote: 
  
   I have said what I wanted to say... i will not disclose exploits on
   fd... sorry
   Just think of the MS issue, compared to Ubuntu user issue.. forget
   the rest :-)



   On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
    what you say, main binary of ubuntu is suid?

    That enough, I'm switching to freebsd now. Also, this email is
    sarcasm haha



    On 11/19/2011 06:23 PM, GloW - XD wrote:
    Recently some stupid people got into management (as always happens)

    Oh here you're right, but you still can relent, just don't fucking use
    the os which sucks, i have learnt that this usually dictates how an os
    gets put together... or no take some lessons out of windows
    even,. but do it smarter... idc, id never put ubuntu on a prod, OR
    local box, It got me once with the APC mags promo about how cl ubu
    is, then i found there is only about 100 bad binaries, you're almost
    there now, only 30 or so to go! almost patched dude! the biggest laugh
    is, your main binary which is simplest, is vulnerable to suid attack...
    i guess some people would know this method, and know what i am talking
    about.. if not bad luck.
   
   

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
I'm not asking you to give me it. I don't want it. Yet you refuse to
demonstrate it or flex in the slightest bit. From what I've seen on this
list, you are nothing but full of shit. You do have to proove crap if
you are so full of it that it's spilling out of your ass.

Enjoy your elitist outlook on life,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote:

 lol... yes whatever. whats making me laugh is, your askin me for
 somethin you SHOULD really have here... i should NOT have to proove
 crap, if you have a 2011 exploit, or dont, well, thats too bad for you
 then... i aint able to gief my one, it stays pvt, i dont help lamers
 root, either.
 Those who have been cool, with me from START of this shit, will get
 every truth, and thats how it will stay the bigmouths, get 0.
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
Since when does GNAA claim to have things and then refuse to prove said
claims?

Yours,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:44 +1100, xD 0x41 wrote:

 yes, and i see gnaa is so wonderful :)
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
Yes, because asking you to prove a dubious assertion constitutes
elitism.

See a doctor, before you hurt someone that you love,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:45 +1100, xD 0x41 wrote:

 Enjoy your elitist outlook on life,
 
 As it has been, since i was eric Jones :)
 
 bye lamarr.
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
Your use of the royal we is rather disturbing. Does your shrink know
you use it? When making claims about my organization, please use
coherent grammar so I can ascertain what you are attempting to convey.

Yours,
Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 09:51 +1100, xD 0x41 wrote:

 haha you are a loser.
 Why then are you asking me for a 0day, we all know exists... i think
 you must not have them.. too bad, you never will
 Oh, and stop please, GNAA have been the idiots on this list if
 anyone, claim nothing, coz you DO nothing obviously.
 Bye!
 
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
GNAA isn't using any exploits. Nice IRC scripts you got there, kiddo.

Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 10:03 +1100, xD 0x41 wrote:

 umm... go massmail someone else you annoying fucker.
 here is what one question about you yielded me sofar:
 
 [09:41am] @xd and who the fuck is gnaa anyhow :s i think they are
 the ones who ripping dark0de off mayb
 * Resolved: gnaa.eu to: 80.65.228.130
 [09:42am] @xd !kill gnaa.eu
 [09:48am] malishuz gnaa is a bunch of retards
 [09:48am] malishuz its like #anxiety
 [09:48am] malishuz and #grove
 [09:49am] malishuz mixed togerher
 [09:49am] malishuz its retarded love child
 [09:49am] malishuz they formed goatse security
 [09:49am] malishuz and published exploits
 [09:50am] malishuz for people to troll with mainly
 
 That sums up exactly what your trying on me right now fool... and that
 was only one opinion eh.. go fk yourself, go find your OWN exploits
 kiddo.
 
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
I don't want your exploit. I just want you to demonstrate that you have
one. You're full of shit, and refuse to do anything to prove otherwise.
Also, what is your first language? It clearly isn't English...

Leon
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 10:12 +1100, xD 0x41 wrote:

 irc script , you mean /dns ?
 well, anyhow was nice talking to you, i know who you are now, your a
 fking disgrace lamer, who obviously does not root shit, coz your
 trying to get me to dump, if you had ANY idea, what would be 0day...
 so go hump yourself.. i have plenty of unbelievers on this list, you
 just joined that pile, and really, i wish my email filtering was
 better... but i actually wasting 5minutes to annoy you back mr.troll
 sir.
 
 
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Leon Kaiser
Attention sirs,

xD 0x41 has just admitted to me that he does not, in fact, have any zero
day exploits. As he was too much of a pussy to post it to F-D, I shall
do it for him.
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Mon, 2011-11-21 at 10:33 +1100, xD 0x41 wrote:

 Why then are you asking me for a 0day, we all know i dont have one...
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Valdis . Kletnieks
On Mon, 21 Nov 2011 14:12:38 GMT, Darren Martyn said:

  Valdis - I did not know the source had gotten THAT big, still, will be
 interesting to explore parts of it that interest me - the TCP stack for a
 start... Also, thanks for the advice on the book :)

As of this morning, Linus's git tree had:

[/usr/src/linux] find * -type f | xargs cat | wc -l
14993265

and we're still at 3.2.0-rc2.  Almost certainly will tip over 15M by the time
Linus lets 3.2.0 escape.  The linux-next tree (which will become 3.3) is already
sitting at somewhere north of 15.3M lines of code.  Yes, we're averaging 100K
lines of code a month.

 Network manager has one amusing flaw I noted on both Atheros and Broadcom
 chipsets - it randomly suspends the Wireless card, requiring several
 reboots to fix. I still have to figure it out, and it just annoys me in
 general. Hence, making my own version of it.

Are you sure it's NetworkManager that's hosing things up, and not the driver
itself?  card hangs and takes a few reboots sounds like a MadWifi issue
rather than NetworkManager - there's a *reason* MadWifi got deprecated in favor
of the ath[59]k drivers. ;)

 Also, thanks for the advice on the mac80211, I was only familiar with
 MadWiFi as my netbook for wardriving ran an older Atheros card (Acer Aspire
 One from 2008). I will look into the mac80211 as soon as I can, the goal me
 and my friends have is to release a modified Ubuntu with our own network
 manager and some other Wireless auditing tools installed.

That's actually a reasonable goal easily achieved by 3-5 motivated people in
their spare time.



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Dan Kaminsky
On Mon, Nov 21, 2011 at 9:58 AM, valdis.kletni...@vt.edu wrote:

 On Mon, 21 Nov 2011 14:12:38 GMT, Darren Martyn said:

   Valdis - I did not know the source had gotten THAT big, still, will be
  interesting to explore parts of it that interest me - the TCP stack for a
  start... Also, thanks for the advice on the book :)

 As of this morning, Linus's git tree had:

 [/usr/src/linux] find * -type f | xargs cat | wc -l
 14993265

 and we're still at 3.2.0-rc2.  Almost certainly will tip over 15M by the
 time Linus lets 3.2.0 escape.  The linux-next tree (which will become 3.3)
 is already sitting at somewhere north of 15.3M lines of code.  Yes, we're
 averaging 100K lines of code a month.


15.3M lines of code != 15.3M lines of code in use on any one system !=
15.3M lines of code that can ever involve a security boundary.

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread Valdis . Kletnieks
On Mon, 21 Nov 2011 10:03:21 PST, Dan Kaminsky said:

 15.3M lines of code != 15.3M lines of code in use on any one system !=
 15.3M lines of code that can ever involve a security boundary.

Yes, but the vast majority of it is in use on *some* system (heck, there's still
code in there to support the 3 or so NCR Voyager systems still in existence).

And the biggest hassle with security boundaries is that often the place the
failure actually occurs is nowhere near where the boundary should have been
enforced. So just because there are only (for example) 500K lines of code
involved with the security boundary doesn't mean you can simply ignore the
other 14.8M lines of code, as you may have to do some hunting to find the 500K
you're interested in (in particular, a lot of ioctl parameter checks are pushed
down into drivers because the high-level VFS code has no *clue* what the
parameters mean or how to validate them).

It's kind of saying "We're doing an easter egg hunt, and since we only care
about the 250 1-foot square areas that actually contain eggs, we're going to
gloss over the fact that the areas are hidden all over 5 acres of dense woods
and underbrush."



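The point in the message above, that ioctl parameter checks sit in each driver because the generic layer cannot interpret the arguments, modelled in user space as an added example (not code from the thread or from the Linux kernel). The device layout, the command number and every function name here are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: words 0..3 of mem[] are caller-writable
 * slots, word 4 is a privileged flag that callers must never reach. */
#define NSLOTS        4u
#define PRIV_WORD     4u
#define DEV_WORDS     8u
#define DEMO_SET_SLOT 0x4001u            /* hypothetical command number */

struct device;
typedef long (*ioctl_fn)(struct device *, unsigned int, const void *, size_t);

struct device {
    uint32_t mem[DEV_WORDS];
    ioctl_fn ioctl;                      /* driver-supplied handler */
};

/* Request layout known only to the driver. */
struct set_slot_req {
    uint32_t index;
    uint32_t value;
};

/* Generic layer: the caller crosses the trust boundary here, but this code
 * cannot interpret cmd or arg, so all it can do is route the call. */
long generic_ioctl(struct device *dev, unsigned int cmd,
                   const void *arg, size_t len)
{
    if (dev == NULL || dev->ioctl == NULL)
        return -ENOTTY;
    return dev->ioctl(dev, cmd, arg, len);
}

/* Driver A: validates the request size but bounds the index against the
 * whole region instead of the slot count, so word 4 is reachable. */
long weak_ioctl(struct device *dev, unsigned int cmd,
                const void *arg, size_t len)
{
    struct set_slot_req req;

    if (cmd != DEMO_SET_SLOT)
        return -ENOTTY;
    if (arg == NULL || len != sizeof req)
        return -EINVAL;
    memcpy(&req, arg, sizeof req);
    if (req.index >= DEV_WORDS)          /* wrong bound */
        return -EINVAL;
    dev->mem[req.index] = req.value;
    return 0;
}

/* Driver B: same command, index bounded against the slots it owns. */
long checked_ioctl(struct device *dev, unsigned int cmd,
                   const void *arg, size_t len)
{
    struct set_slot_req req;

    if (cmd != DEMO_SET_SLOT)
        return -ENOTTY;
    if (arg == NULL || len != sizeof req)
        return -EINVAL;
    memcpy(&req, arg, sizeof req);
    if (req.index >= NSLOTS)             /* bound that matches the contract */
        return -EINVAL;
    dev->mem[req.index] = req.value;
    return 0;
}

struct outcome {
    long rc;                             /* handler return code */
    uint32_t priv;                       /* privileged word after the call */
};

/* Send one request through the generic layer to a fresh, zeroed device. */
struct outcome run_request(ioctl_fn handler, unsigned int cmd,
                           uint32_t index, uint32_t value)
{
    struct device dev;
    struct set_slot_req req = { index, value };
    struct outcome out;

    memset(&dev, 0, sizeof dev);
    dev.ioctl = handler;
    out.rc = generic_ioctl(&dev, cmd, &req, sizeof req);
    out.priv = dev.mem[PRIV_WORD];
    return out;
}

int main(void)
{
    struct outcome weak = run_request(weak_ioctl, DEMO_SET_SLOT, PRIV_WORD, 1);
    struct outcome good = run_request(checked_ioctl, DEMO_SET_SLOT, PRIV_WORD, 1);

    printf("weak driver:    rc=%ld priv=%u\n", weak.rc, (unsigned)weak.priv);
    printf("checked driver: rc=%ld priv=%u\n", good.rc, (unsigned)good.priv);
    return 0;
}
```

Both drivers look identical from `generic_ioctl`, so an audit of the boundary has to read every handler registered behind it.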

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread xD 0x41
Well, i will give u an example when my website is up.. this is sad too,
as i rewrote econet exploit, and named it quarter-nelson.c, now this
has been rooting your damn Ubuntus, for months.. and, it is a modified
version, and public. sorry but, thats just, 3 boxes i tested *today*
of different secure levels on ubuntu, both 10 and 11 yres..are dead,
and dead easy to exploit.. yes, the code is there, when kiddys stop
ddosing it.


On 21 November 2011 21:27, Jason A. Donenfeld ja...@zx2c4.com wrote:
 Hello Full Disclosure Hysterics  Friends,
 I have now read through five dozen complaints about how Ubuntu
 is fundamentally an unsecure operating system, filled with more holes than
 Swiss cheese.
 If somebody could direct me toward a local root exploit against a fully
 up-to-date Ubuntu 11.04 or 11.10 that attacks a piece of software that is
 installed by default, I would be most impressed and persuaded by your
 assertions, as well as being very appreciative.
 Thank you,
 Management


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread xD 0x41
ye, it has been there for what, 4months... anyhow, i dun care much for
the website.. so better it stays down, less apm for me =d
byez


On 22 November 2011 14:27, Matthew Harlum secli...@cactuar.net wrote:
 On 22/11/11 2:16 PM, xD 0x41 wrote:

 quarter-nelson.c ... yes, the code is there, when kiddys stop
 ddosing it.

 Ha! Ha!




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread root
DUDE...!!

dud..fuck this,

DUDE THAT WAS PATCHED LIKE TWO YEARS AGO






On 11/22/2011 12:33 AM, xD 0x41 wrote:
 ye, it has been there for what, 4months... anyhow, i dun care much for
 the website.. so better it stays down, less apm for me =d
 byez
 
 
 On 22 November 2011 14:27, Matthew Harlum secli...@cactuar.net wrote:
 On 22/11/11 2:16 PM, xD 0x41 wrote:

 quarter-nelson.c ... yes, the code is there, when kiddys stop
 ddosing it.

 Ha! Ha!

 


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread xD 0x41
no really whats most interesting about you, is your botnet your
running, from the isp.
i wonder if your the boss.. or just, using a bosslike nick... either
way, dont expect it to last much longer, isp owner or not, your doing
the wrong thing.
and yes i rooted you, 10x now, and more boxes will come, all on your
isp, so, dont worry, i will makesure shadowserver.de and honeypot,
have the details, once im finished with you, i will cleanse the other
smartarses who have annoyed me.
the right way,.
NO FD, fuck you all, and prepare for war to the arseholes who started
all this shit, over what u will find, is reality about ubuntu,.
anyhow, what was all this about, simply tryin to get me to give what i
will not do, and that is disclose good, root exploits.
go fuck yourself fd, do not expect shit from me, but nastiness, and
collection of your url;s for pwnage.



On 22 November 2011 17:55, xD 0x41 sec...@gmail.com wrote:
 -l ***malek -pw jty2ah -P 22

 hehe... isnt this fun,... your shits so insecure


 On 22 November 2011 17:50, xD 0x41 sec...@gmail.com wrote:
 yes i know that would be full nelson.. right... not coded same as my
 version, and dan rosenbergs version, is about as close as you would
 get to the public one actually working.. no, i said quarter-nelson.c,
 tested today, on 3 boxes. all ubuntu str8 out of box. so, modified
 the code a little, and, i guess theyre still exploitable... go see for
 yourself.. dont ask me shit, im outta this list, this code been on my
 site for months, and has rooted ubuntus, for months... and again,
 proved that none of the releases, are any better... btw, i dont use
 mmap_min_addr... either.. as dan rosenberg and j.o did... there is
 a bit of better trickery, altho, thats only the public version i am
 disclosing... the actual BEST exploit for ubuntu right now, is simply
 bash :)
 hehe... suck on my hairy ballz root@.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-21 Thread xD 0x41
and yeas, that was indeed me on the phone, go ask your boss how it
went.. err, maybe not :)
hehe..


On 22 November 2011 18:21, xD 0x41 sec...@gmail.com wrote:
 no really whats most interesting about you, is your botnet your
 running, from the isp.
 i wonder if your the boss.. or just, using a bosslike nick... either
 way, dont expect it to last much longer, isp owner or not, your doing
 the wrong thing.
 and yes i rooted you, 10x now, and more boxes will come, all on your
 isp, so, dont worry, i will makesure shadowserver.de and honeypot,
 have the details, once im finished with you, i will cleanse the other
 smartarses who have annoyed me.
 the right way,.
 NO FD, fuck you all, and prepare for war to the arseholes who started
 all this shit, over what u will find, is reality about ubuntu,.
 anyhow, what was all this about, simply tryin to get me to give what i
 will not do, and that is disclose good, root exploits.
 go fuck yourself fd, do not expect shit from me, but nastiness, and
 collection of your url;s for pwnage.



 On 22 November 2011 17:55, xD 0x41 sec...@gmail.com wrote:
 -l ***malek -pw jty2ah -P 22

 hehe... isnt this fun,... your shits so insecure


 On 22 November 2011 17:50, xD 0x41 sec...@gmail.com wrote:
 yes i know that would be full nelson.. right... not coded same as my
 version, and dan rosenbergs version, is about as close as you would
 get to the public one actually working.. no, i said quarter-nelson.c
 ,tested today, on 3 boxes. all ubuntu str8 out of box. so, modified
 the code alittle, and, i guess theyre still exploitable... go see for
 yurself.. dont ask me shit, im outta this list, this code been on my
 site for months, and has rooted ubuntus, for months... and again,
 prooved that none of the releases, are any better... btw, i dont use
 mmap_min_addr... either.. as dan rosenberg and j.o did... there is
 abit of better trickery, altho, thats only the public version i am
 disclosing... the actual BEST exploit for ubuntu right now, is simply
 bash :)
 hehe... suck on my hairy ballz root@.


 On 22 November 2011 15:24, root ro...@fibertel.com.ar wrote:
 DUDE...!!

 dud..fuck this,

 DUDE THAT WAS PATCHED LIKE TWO YEARS AGO






 On 11/22/2011 12:33 AM, xD 0x41 wrote:
 ye, it has been there for what, 4months... anyhow, i dun care much for
 the website.. so better it stays down, less apm for me =d
 byez


 On 22 November 2011 14:27, Matthew Harlum secli...@cactuar.net wrote:
 On 22/11/11 2:16 PM, xD 0x41 wrote:

 quarter-nelson.c ... yes, the code is there, when kiddys stop
 ddosing it.

 Ha! Ha!




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread Memory Vandal
On Sun, Nov 20, 2011 at 2:46 AM, xD 0x41 sec...@gmail.com wrote:
 Ok well how about lets put it simply...

 MS have had a Guest user, i believe it is MSUSER***  since what, 1970
 ? I know locally, i could possibly manipulate registry keys and make
 this user 'login' ready... but at this point i have local ax, so a. we
 know ms guest user cannot be touched remotely , or is someone putting
 up theyre own 0day wich can remotely change ms's inbuilt user... (as i
 thought, no one will answer that bit... there is no way to exploit
 it).


you is gotta be kidding, go  learn windows lamer. guest user in disabled
by default in windows unlike ubuntu. i have seen a lot people like you
claiming to be security experts when they dont know windows which even any
office clerk do.

MemoryVandal

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread Dan Ballance
Why not disclose the weakest of the 10, silence the doubters and keep the
other 9 to yourself? There seem to be a lot of people on this list who
doubt your skills. Why not give them something small and repair your
reputation?
On 20 Nov 2011 00:32, xD 0x41 sec...@gmail.com wrote:

 I have said what I wanted to say... i wikll not disclose exploits on
 fd... sorry
 Just think of the MS issue, compared to Ubuntu user issue.. forget the
 rest :-)



 On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
  what you say, main binary of ubuntu is suid?
 
  That enough, I'm switching to freebsd now. Also, this email is sarcasm
 haha
 
 
 
  On 11/19/2011 06:23 PM, GloW - XD wrote:
  Recently some stupid people got into management (as always happens)
 
  Oh here your right, but you still can relent, just dont fucking use
  the os wich sucks, i have learnt that this suually dictates how an os
  gets put tyogether... or no tajke some lessons out of windows
  even,. but do it smarter... idc, id never put ubuntu on a prod, OR
  local box, It got me once with the APC mags promo about how cl ubu
  is, then i found there is only about 100 bad binarys, your almost
  there now, only 30 or so togo! almost patched dude! tyhe biggest laugh
  is, your main binary wich is simplest, is vulnerable to suid attack...
  i guess some people would know this method, and know what i am talking
  about.. if not badluck.
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
ou is gotta be kidding, go  learn windows lamer. guest user in
disabled by default in windows unlike ubuntu. i have

I have just said that, the f**king deature has been here for ages in
m$ , are you stupid ?
anyhow, yes, exactly, it has been in windows for fucking years...
thats exactly what i tried to say, idiot.


On 20 November 2011 18:01, Memory Vandal memvan...@gmail.com wrote:


 On Sun, Nov 20, 2011 at 2:46 AM, xD 0x41 sec...@gmail.com wrote:
 Ok well how about lets put it simply...

 MS have had a Guest user, i believe it is MSUSER***  since what, 1970
 ? I know locally, i could possibly manipulate registry keys and make
 this user 'login' ready... but at this point i have local ax, so a. we
 know ms guest user cannot be touched remotely , or is someone putting
 up theyre own 0day wich can remotely change ms's inbuilt user... (as i
 thought, no one will answer that bit... there is no way to exploit
 it).


 you is gotta be kidding, go  learn windows lamer. guest user in disabled by
 default in windows unlike ubuntu. i have seen a lot people like you claiming
 to be security experts when they dont know windows which even any office
 clerk do.

 MemoryVandal




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
You need to scrape up on your English, i clearly stated things here,
do not try and bend any rules, I simply stated , this feature has been
in MS for years... and yea, so what, ?? Its disabled by default, that
doesnt mean it still is not there, idiotx2.
YOU learn english.
I have nothing to proove... I wont open my arse for Valdis or his nerd
squad,... ill help those who sincerely ask it.
bye now chump.


On 20 November 2011 18:01, Memory Vandal memvan...@gmail.com wrote:


 On Sun, Nov 20, 2011 at 2:46 AM, xD 0x41 sec...@gmail.com wrote:
 Ok well how about lets put it simply...

 MS have had a Guest user, i believe it is MSUSER***  since what, 1970
 ? I know locally, i could possibly manipulate registry keys and make
 this user 'login' ready... but at this point i have local ax, so a. we
 know ms guest user cannot be touched remotely , or is someone putting
 up theyre own 0day wich can remotely change ms's inbuilt user... (as i
 thought, no one will answer that bit... there is no way to exploit
 it).


 you is gotta be kidding, go  learn windows lamer. guest user in disabled by
 default in windows unlike ubuntu. i have seen a lot people like you claiming
 to be security experts when they dont know windows which even any office
 clerk do.

 MemoryVandal




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
I have no reputation on FD to recover.
I dont care for your rants and ravings, the people who DO know me,
know i dont talk a BIT of shit, and they DO get places... en masse, i
will never help you, root a box, is simple as that.


On 20 November 2011 20:12, Dan Ballance tzewang.do...@gmail.com wrote:
 Why not disclose the weakest of the 10, silence the doubters and keep the
 other 9 to yourself? There seem to be a lot of people on this list who doubt
 your skills. Why not give them something small and repair your reputation?

 On 20 Nov 2011 00:32, xD 0x41 sec...@gmail.com wrote:

 I have said what I wanted to say... i wikll not disclose exploits on
 fd... sorry
 Just think of the MS issue, compared to Ubuntu user issue.. forget the
 rest :-)



 On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
  what you say, main binary of ubuntu is suid?
 
  That enough, I'm switching to freebsd now. Also, this email is sarcasm
  haha
 
 
 
  On 11/19/2011 06:23 PM, GloW - XD wrote:
  Recently some stupid people got into management (as always happens)
 
  Oh here your right, but you still can relent, just dont fucking use
  the os wich sucks, i have learnt that this suually dictates how an os
  gets put tyogether... or no tajke some lessons out of windows
  even,. but do it smarter... idc, id never put ubuntu on a prod, OR
  local box, It got me once with the APC mags promo about how cl ubu
  is, then i found there is only about 100 bad binarys, your almost
  there now, only 30 or so togo! almost patched dude! tyhe biggest laugh
  is, your main binary wich is simplest, is vulnerable to suid attack...
  i guess some people would know this method, and know what i am talking
  about.. if not badluck.
 
 


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread Ferenc Kovacs
On Sun, Nov 20, 2011 at 11:26 PM, xD 0x41 sec...@gmail.com wrote:

 You need to scrape up on your English, i clearly stated things here,
 do not try and bend any rules, I simply stated , this feature has been
 in MS for years... and yea, so what, ?? Its disabled by default, that
 doesnt mean it still is not there, idiotx2.
 YOU learn english.


You Sir just made my day!

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
yes, and i see gnaa is so wonderful :)


On 21 November 2011 09:43, Leon Kaiser litera...@gmail.com wrote:

 I'm not asking you to give me it. I don't want it. Yet you refuse to
 demonstrate it or flex in the slightest bit. From what I've seen on this
 list, you are nothing *but* full of shit. You *do* have to proove crap
 if you are so full of it that it's spilling out of your ass.

 Enjoy your elitist outlook on life,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 

   On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote:

 lol... yes whatever.whats making me laugh is, your askin me for
 somethin you SHOULD really have here... i should NOT have to proove crap,
 if you have a 2011 exploit, or dont, well, thats to bad for you then... i
 aint able to gief my one, it stays pbvt, i dont help lamers root, either.
 Those who have been cool, with me from START of this shit, will get every
 truth, and thats how it will stay the bigmouths, get 0.


  On 21 November 2011 09:36, Leon Kaiser litera...@gmail.com wrote:

  And neither does the Internet. Even if you do, in fact, have even a
 single XSS exploit.

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 


   On Mon, 2011-11-21 at 09:35 +1100, xD 0x41 wrote:

 believe wtf you want. i dont care,


 On 21 November 2011 09:34, Leon Kaiser litera...@gmail.com wrote:

 I don't believe you.

 Have fun seeking attention,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 



   On Mon, 2011-11-21 at 09:32 +1100, xD 0x41 wrote:

 I have disclosed to others, just not YOU.
 have a nice day idiot.


 On 20 November 2011 14:15, Leon Kaiser litera...@gmail.com wrote:

 That's because you don't have any exploits to disclose. Everyone knows
 this, you don't need to pretend that you do.

   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 




   On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote:

 I have said what I wanted to say... i wikll not disclose exploits on
 fd... sorry
 Just think of the MS issue, compared to Ubuntu user issue.. forget the rest 
 :-)



 On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
  what you say, main binary of ubuntu is suid?
 
  That enough, I'm switching to freebsd now. Also, this email is sarcasm haha
 
 
 
  On 11/19/2011 06:23 PM, GloW - XD wrote:
  Recently some stupid people got into management (as always happens)
 
  Oh here your right, but you still can relent, just dont fucking use
  the os wich sucks, i have learnt that this suually dictates how an os
  gets put tyogether... or no tajke some lessons out of windows
  even,. but do it smarter... idc, id never put ubuntu on a prod, OR
  local box, It got me once with the APC mags promo about how cl ubu
  is, then i found there is only about 100 bad binarys, your almost
  there now, only 30 or so togo! almost patched dude! tyhe biggest laugh
  is, your main binary wich is simplest, is vulnerable to suid attack...
  i guess some people would know this 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
Enjoy your elitist outlook on life,

As it has been, since i was eric Jones :)

bye lamarr.


On 21 November 2011 09:43, Leon Kaiser litera...@gmail.com wrote:

 I'm not asking you to give me it. I don't want it. Yet you refuse to
 demonstrate it or flex in the slightest bit. From what I've seen on this
 list, you are nothing *but* full of shit. You *do* have to proove crap
 if you are so full of it that it's spilling out of your ass.

 Enjoy your elitist outlook on life,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 

   On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote:

 lol... yes whatever.whats making me laugh is, your askin me for
 somethin you SHOULD really have here... i should NOT have to proove crap,
 if you have a 2011 exploit, or dont, well, thats to bad for you then... i
 aint able to gief my one, it stays pbvt, i dont help lamers root, either.
 Those who have been cool, with me from START of this shit, will get every
 truth, and thats how it will stay the bigmouths, get 0.


  On 21 November 2011 09:36, Leon Kaiser litera...@gmail.com wrote:

  And neither does the Internet. Even if you do, in fact, have even a
 single XSS exploit.

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 


   On Mon, 2011-11-21 at 09:35 +1100, xD 0x41 wrote:

 believe wtf you want. i dont care,


 On 21 November 2011 09:34, Leon Kaiser litera...@gmail.com wrote:

 I don't believe you.

 Have fun seeking attention,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 



   On Mon, 2011-11-21 at 09:32 +1100, xD 0x41 wrote:

 I have disclosed to others, just not YOU.
 have a nice day idiot.


 On 20 November 2011 14:15, Leon Kaiser litera...@gmail.com wrote:

 That's because you don't have any exploits to disclose. Everyone knows
 this, you don't need to pretend that you do.

   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 




   On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote:

 I have said what I wanted to say... i wikll not disclose exploits on
 fd... sorry
 Just think of the MS issue, compared to Ubuntu user issue.. forget the rest 
 :-)



 On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
  what you say, main binary of ubuntu is suid?
 
  That enough, I'm switching to freebsd now. Also, this email is sarcasm haha
 
 
 
  On 11/19/2011 06:23 PM, GloW - XD wrote:
  Recently some stupid people got into management (as always happens)
 
  Oh here your right, but you still can relent, just dont fucking use
  the os wich sucks, i have learnt that this suually dictates how an os
  gets put tyogether... or no tajke some lessons out of windows
  even,. but do it smarter... idc, id never put ubuntu on a prod, OR
  local box, It got me once with the APC mags promo about how cl ubu
  is, then i found there is only about 100 bad binarys, your almost
  there now, only 30 or so togo! almost patched dude! tyhe biggest laugh
  is, your main binary wich is simplest, is vulnerable to 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
haha you are a looser.
Why then are you asking me for a 0day, we all know exists... i thinkk you
must not have them.. to bad, you never will
Oh, and stop please, GNAA have been the idiots on this list if anyone,
claim nothing, coz you DO nothing obviously.
Bye!



On 21 November 2011 09:48, Leon Kaiser litera...@gmail.com wrote:

 Since when does GNAA claim to have things and then refuse to prove said
 claims?

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 

   On Mon, 2011-11-21 at 09:44 +1100, xD 0x41 wrote:

 yes, and i see gnaa is so wonderful :)


  On 21 November 2011 09:43, Leon Kaiser litera...@gmail.com wrote:

  I'm not asking you to give me it. I don't want it. Yet you refuse to
 demonstrate it or flex in the slightest bit. From what I've seen on this
 list, you are nothing *but* full of shit. You *do* have to proove crap
 if you are so full of it that it's spilling out of your ass.

 Enjoy your elitist outlook on life,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 


   On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote:

 lol... yes whatever.whats making me laugh is, your askin me for
 somethin you SHOULD really have here... i should NOT have to proove crap,
 if you have a 2011 exploit, or dont, well, thats to bad for you then... i
 aint able to gief my one, it stays pbvt, i dont help lamers root, either.
 Those who have been cool, with me from START of this shit, will get every
 truth, and thats how it will stay the bigmouths, get 0.


 On 21 November 2011 09:36, Leon Kaiser litera...@gmail.com wrote:

 And neither does the Internet. Even if you do, in fact, have even a single
 XSS exploit.

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 



   On Mon, 2011-11-21 at 09:35 +1100, xD 0x41 wrote:

 believe wtf you want. i dont care,


 On 21 November 2011 09:34, Leon Kaiser litera...@gmail.com wrote:

 I don't believe you.

 Have fun seeking attention,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 




   On Mon, 2011-11-21 at 09:32 +1100, xD 0x41 wrote:

 I have disclosed to others, just not YOU.
 have a nice day idiot.


 On 20 November 2011 14:15, Leon Kaiser litera...@gmail.com wrote:

 That's because you don't have any exploits to disclose. Everyone knows
 this, you don't need to pretend that you do.

   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 





   On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote:

 I have said what I wanted to 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread xD 0x41
umm... go massmail someone else you annoying fucker.
here is what one question about you yielded me sofar:

[09:41am] @xd and who the fuck is gnaa anyhow :s i think they are the
ones who ripping dark0de off mayb
* Resolved: gnaa.eu to: 80.65.228.130
[09:42am] @xd !kill gnaa.eu
[09:48am] malishuz gnaa is a bunch of retards
[09:48am] malishuz its like #anxiety
[09:48am] malishuz and #grove
[09:49am] malishuz mixed togerher
[09:49am] malishuz its retarded love child
[09:49am] malishuz they formed goatse security
[09:49am] malishuz and published exploits
[09:50am] malishuz for people to troll with mainly

That sums up exactly what your trying on me right now fool... and that was
only one opinion eh.. go fk yourself, go find your OWN exploits kiddo.



On 21 November 2011 09:55, Leon Kaiser litera...@gmail.com wrote:

 Your use of the royal we is rather disturbing. Does your shrink know you
 use it? When making claims about my organization, please use coherent
 grammar so I can ascertain what you are attempting to convey.

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 

   On Mon, 2011-11-21 at 09:51 +1100, xD 0x41 wrote:

 haha you are a looser.
 Why then are you asking me for a 0day, we all know exists... i thinkk you
 must not have them.. to bad, you never will
 Oh, and stop please, GNAA have been the idiots on this list if anyone,
 claim nothing, coz you DO nothing obviously.
 Bye!



  On 21 November 2011 09:48, Leon Kaiser litera...@gmail.com wrote:

  Since when does GNAA claim to have things and then refuse to prove said
 claims?

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 


   On Mon, 2011-11-21 at 09:44 +1100, xD 0x41 wrote:

 yes, and i see gnaa is so wonderful :)


 On 21 November 2011 09:43, Leon Kaiser litera...@gmail.com wrote:

 I'm not asking you to give me it. I don't want it. Yet you refuse to
 demonstrate it or flex in the slightest bit. From what I've seen on this
 list, you are nothing *but* full of shit. You *do* have to proove crap
 if you are so full of it that it's spilling out of your ass.

 Enjoy your elitist outlook on life,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 



   On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote:

 lol... yes whatever.whats making me laugh is, your askin me for
 somethin you SHOULD really have here... i should NOT have to proove crap,
 if you have a 2011 exploit, or dont, well, thats to bad for you then... i
 aint able to gief my one, it stays pbvt, i dont help lamers root, either.
 Those who have been cool, with me from START of this shit, will get every
 truth, and thats how it will stay the bigmouths, get 0.


 On 21 November 2011 09:36, Leon Kaiser litera...@gmail.com wrote:

 And neither does the Internet. Even if you do, in fact, have even a single
 XSS exploit.

 Yours,
 Leon
   --
 
 *Leon Kaiser http://www.linkedin.com/profile/view?id=131948275*  -
 Head of GNAA Public Relations -
 litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
   7BEECD8D FCBED526 F7960173 459111CE F01F9923
 http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923
 The mask of anonymity is not intensely constructive.
-- Andrew weev Auernheimer
 




   On Mon, 2011-11-21 at 09:35 +1100, xD 0x41 wrote:

 believe wtf 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread Valdis . Kletnieks
On Mon, 21 Nov 2011 09:26:14 +1100, xD 0x41 said:
 You need to scrape up on your English, i clearly stated things here,
 do not try and bend any rules, I simply stated , this feature has been
 in MS for years... and yea, so what, ?? Its disabled by default, that
 doesnt mean it still is not there, idiotx2.

No, the fact that the guest user is disabled by default on Windows means it
doesn't have the feature of a enabled passwordless guest userid out of the box.

Now what was this about scraping up on your English?



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-20 Thread Valdis . Kletnieks
On Sat, 19 Nov 2011 06:39:43 +1100, GloW - XD said:
 yea, id also like to see how on earth Valdis calls this some kinda new
 'root' problem...

I didn't say it was a *new* problem. It's a reappearance of a problem that's
been spotted every few years since probably before most of the readers of this
list were born.





Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Johan Nestaas
Sometimes it bothers me that everyone says Ubuntu is made for newbs and
that you're expected to switch distros as soon as you know enough to do it.
I worked as an intern with some folks who developed 802.11s, secure mesh
networking, and they mostly used Ubuntu. I find it extremely fast to
install, set up IDE's, and get a dev workstation up and running. I've never
had an easier time installing a printer. Sure, that helps newbies, but it
also makes work happen quick. If any problems come up, you can't beat their
user base and forums.
I love the freedom of choice, and I switch it up every few months to see
how the other distros are doing, but generally I'm back to ubuntu in a few
weeks.
Also, maybe I'm wrong about this and there are other reasons, but the
newest backtrack is ubuntu based, and they always mention that their distro
is meant for experienced linux users (and more of a toolkit than anything).
I don't know, I guess I feel like ubuntu should be cut some slack for being
newb friendly. It's not such a bad thing.
On Fri, Nov 18, 2011 at 11:32 AM, Olivier feui...@bibibox.fr wrote:

 On 11/18/2011 03:10 PM, Dan Kaminsky wrote:
 
 
  On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu
  mailto:valdis.kletni...@vt.edu wrote:
 
  On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:
 
   There is no guest account on an Ubuntu server, so at least there
   this is not a real/perceived risk.
 
  And nobody's *ever* installed the desktop version on a server
  because they didn't
  know any better, especially from Ubuntu's target audience.  Gotcha.
 ;)
 
 
  OK, seriously.  If you're sitting in front of a machine that's
  presenting you a login prompt, you've got enough privileges to insert a
  bootable USB/CD and pull all the data / make yourself an account
  (FDE/Bios PW notwithstanding).

 My disk is password protected, and the whole system (except /boot) is
 encrypted. Ubuntu guest account is definitively the best way to hack a
 running laptop (or workstation).

 --
 Olivier


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Leon Kaiser
It's a good thing that Desktop Linux is dead/dying/never got off the
ground anyways, then!
-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Fri, 2011-11-18 at 12:24 +0100, Mario Vilas wrote:

 Let's not overreact. We're talking about a guest account only on
 desktop systems, for local login only, and perfectly visible to the
 user. The only problem I see here is not having a simple GUI way to
 disable the guest login for a non tech-savvy user, but no more. (Or am
 I missing something here?)
 
 
 On Thu, Nov 17, 2011 at 9:52 PM, Olivier feui...@bibibox.fr wrote:
 
 On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
  Are there any other services this may effect?
 
 The question could also be how many features like this are
 (will be?)
 silently enabled by default on new Ubuntu systems.
 
 Perfect for business use, Ubuntu is safe, intuitive and
 stable --
 http://www.ubuntu.com/business
 
 Ubuntu is clearly no more recommended for business use. End
 users will
 have to become security experts to avoid teenager's
 attacks ... shameful
 
 
  On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
  andrew_dow...@softdesign.net.nz
  mailto:andrew_dow...@softdesign.net.nz wrote:
 
  On 18/11/11 23:46, Larry W. Cashdollar wrote:
  Anyone know what the default is for Ubuntu 11
 
  PermitEmptyPasswords no
  PasswordAuthentication no
 
 
  in /etc/ssh/sshd_config?
  for Ubuntu 11.10 (Oneiric)
 
  snip: ( from */etc/ssh/sshd_config* )
  --
  # To enable empty passwords, change to yes (NOT
 RECOMMENDED)
  PermitEmptyPasswords no
  --
  # Change to no to disable tunnelled clear text passwords
  #PasswordAuthentication yes
  --
 
 --
 Olivier
 
 
 
 
 
 
 
 
 
 
 
 -- 
 “There's a reason we separate military and the police: one fights
 the enemy of the state, the other serves and protects the people. When
 the military becomes both, then the enemies of the state tend to
 become the people.”
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread james
I'll second that; the isp I work at has a sizeable ubuntu customer base and 
these are customers who have made an informed decision.

Now; let's consider ubuntu's inherited security from debian such as configuring 
a 'mortal account' (admittedly can be ignored in the preseed) and then the lack 
of perms on su; must use sudo.

This is a distro that is newbie friendly but is not designed specifically for 
them.

Unfortunately, though, you make a distro with simplified tasks (printer 
installation a fantastic example) and people, especially long term linuxers- 
though I ought to be included I guess, remember back all too easily to when 
everything was an uphill struggle: what do you mean I don't have to compile 
this as a flipping module? That's not freedom! Being all too familiar.

Just my tuppence worth anyway.

Sent from my BlackBerry® wireless device

-Original Message-
From: Johan Nestaas johannest...@gmail.com
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Fri, 18 Nov 2011 12:04:46 
To: Olivierfeui...@bibibox.fr
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread 夜神 岩男
On 11/18/2011 11:33 PM, valdis.kletni...@vt.edu wrote:
 On Fri, 18 Nov 2011 06:10:00 PST, Dan Kaminsky said:

 OK, seriously.  If you're sitting in front of a machine that's presenting
 you a login prompt, you've got enough privileges to insert a bootable
 USB/CD and pull all the data / make yourself an account (FDE/Bios PW
 notwithstanding).

 Right.  Which is why a passwordless guest account available to people who have
 physical access isn't such a big deal.  The problem is that if you manage to
 get ssh enabled, there's not *that* much stopping the account from being used
 from Zanzibar.

 Some operating systems (AIX, for instance) allowed tagging a userid as local
 access only, or even may only login on tty 3, 5, and 23.  Adding that sort
 of a tag to the guest account would help the situation by adding some
 security in depth.

Not saying this train of thought itself is safe, but... we've needed a 
singleuser mode (by whatever name) as a failsafe since ages forgotten.

That being said, I don't know what is necessary about a default guest 
account -- those who really need physical access, passwordless guest 
accounts tend to know how to set them up.



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Dan Kaminsky
What is the security differential between su and sudo bash?

Sent from my iPhone

On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.
 
 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) and 
 then the lack of perms on su; must use sudo.
 
 This is a distro that is newbie friendly but is not designed specifically for 
 them.
 
 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.
 
 Just my tuppence worth anyway.
 
 Sent from my BlackBerry® wireless device
 
 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46 
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread james
Effective user id as a short answer; compare sudo whoami and su - whoami


Sent from my BlackBerry® wireless device

-Original Message-
From: Dan Kaminsky d...@doxpara.com
Date: Sat, 19 Nov 2011 11:36:47 
To: ja...@zero-internet.org.ukja...@zero-internet.org.uk
Cc: Johan Nestaasjohannest...@gmail.com; 
full-disclosure-boun...@lists.grok.org.ukfull-disclosure-boun...@lists.grok.org.uk;
 Olivierfeui...@bibibox.fr; 
full-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

What is the security differential between su and sudo bash?

Sent from my iPhone

On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.
 
 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) and 
 then the lack of perms on su; must use sudo.
 
 This is a distro that is newbie friendly but is not designed specifically for 
 them.
 
 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.
 
 Just my tuppence worth anyway.
 
 Sent from my BlackBerry® wireless device
 
 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46 
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Dan Kaminsky
Er, sudo bash gives you /dev/kmem, access to the hard drive block device...

Sent from my iPhone

On Nov 19, 2011, at 11:44 AM, ja...@zero-internet.org.uk wrote:

 Effective user id as a short answer; compare sudo whoami and su - whoami
 
 
 Sent from my BlackBerry® wireless device
 
 -Original Message-
 From: Dan Kaminsky d...@doxpara.com
 Date: Sat, 19 Nov 2011 11:36:47 
 To: ja...@zero-internet.org.ukja...@zero-internet.org.uk
 Cc: Johan Nestaasjohannest...@gmail.com; 
 full-disclosure-boun...@lists.grok.org.ukfull-disclosure-boun...@lists.grok.org.uk;
  Olivierfeui...@bibibox.fr; 
 full-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
 
 What is the security differential between su and sudo bash?
 
 Sent from my iPhone
 
 On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:
 
 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.
 
 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) 
 and then the lack of perms on su; must use sudo.
 
 This is a distro that is newbie friendly but is not designed specifically 
 for them.
 
 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.
 
 Just my tuppence worth anyway.
 
 Sent from my BlackBerry® wireless device
 
 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46 
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread xD 0x41
Ok well how about lets put it simply...

MS have had a Guest user, i believe it is MSUSER***  since what, 1970
? I know locally, i could possibly manipulate registry keys and make
this user 'login' ready... but at this point i have local ax, so a. we
know ms guest user cannot be touched remotely , or is someone putting
up their own 0day which can remotely change ms's inbuilt user... (as i
thought, no one will answer that bit... there is no way to exploit
it).

So if we compare these two os, one would be classed as crappy
(windows), one would be classed as entry-level... now the reason why
ubuntu has this look is simple, you have 3 versions of one OS, Kubuntu
Xubuntu and ubuntu , all split into server-client categories, and these
are totally different configurations... so stop trying to say Ubuntu
is PRO, it aint, it is handed out on magazines, like many smaller os
are, and then you have places like APC mag, doing direct changeovers
from windows to ubuntu, was a 2010 issue which actually did this, and
yea, i could prolly find exactly what mag, but i dont think that is
alone...
Ubuntu is portrayed as entry level by its owners, and then having a
thousand local xploits, and people like the e-caliber , making addons
for ubuntu, i would say the popularity of it, is growing less... so
dont worry, im sure there will be less exploitations of Ubuntu..just
not this year :)
have a nice day, m$ r00l users.
xd



On 19 November 2011 07:04, Johan Nestaas johannest...@gmail.com wrote:
 Sometimes it bothers me that everyone says Ubuntu is made for newbs and that
 you're expected to switch distros as soon as you know enough to do it.
 I worked as an intern with some folks who developed 802.11s, secure mesh
 networking, and they mostly used Ubuntu. I find it extremely fast to
 install, set up IDE's, and get a dev workstation up and running. I've never
 had an easier time installing a printer. Sure, that helps newbies, but it
 also makes work happen quick. If any problems come up, you can't beat their
 user base and forums.
 I love the freedom of choice, and I switch it up every few months to see how
 the other distros are doing, but generally I'm back to ubuntu in a few
 weeks.
 Also, maybe I'm wrong about this and there are other reasons, but the newest
 backtrack is ubuntu based, and they always mention that their distro is
 meant for experienced linux users (and more of a toolkit than anything).
 I don't know, I guess I feel like ubuntu should be cut some slack for being
 newb friendly. It's not such a bad thing.

 On Fri, Nov 18, 2011 at 11:32 AM, Olivier feui...@bibibox.fr wrote:

 On 11/18/2011 03:10 PM, Dan Kaminsky wrote:
 
 
  On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu
  mailto:valdis.kletni...@vt.edu wrote:
 
      On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:
 
       There is no guest account on an Ubuntu server, so at least there
       this is not a real/perceived risk.
 
      And nobody's *ever* installed the desktop version on a server
      because they didn't
      know any better, especially from Ubuntu's target audience.  Gotcha.
  ;)
 
 
  OK, seriously.  If you're sitting in front of a machine that's
  presenting you a login prompt, you've got enough privileges to insert a
  bootable USB/CD and pull all the data / make yourself an account
  (FDE/Bios PW notwithstanding).

 My disk is password protected, and the whole system (except /boot) is
 encrypted. Ubuntu guest account is definitively the best way to hack a
 running laptop (or workstation).

 --
 Olivier



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
dude, you have GOT to be kidding.
I can exploit Ubuntu 2011 server and client about 10 ways, and
probably same with half this list, it is INDEED entry level, or, just
stop handing it out on magazines with how to use ubuntu! Move to
easy linux now! promos, and then your words have merit.



On 19 November 2011 18:14, root ro...@fibertel.com.ar wrote:
 On 11/18/2011 11:01 AM, Darren Martyn wrote:
 To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
 secure per se. It is designed to wean Windows users away from M$ and toward
 GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
 to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
 Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
 users.

 Bullshit, Ubuntu is designed (or at least, was designed) to be very
 secure, check all the stuff it comes by default:

 https://wiki.ubuntu.com/Security/Features

 Not even the default Debian kernel has all those features activated. If
 I'm wrong, why you see metasploit modules for Debian but not for Ubuntu?
 that's the reason.

 Recently some stupid people got into management (as always happens) and
 we have things like unity, the fucked up 24-bit ASLR in i386, and this
 guest account for retards.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
Recently some stupid people got into management (as always happens)

Oh here you're right, but you still can relent, just dont fucking use
the os which sucks, i have learnt that this usually dictates how an os
gets put together... or no take some lessons out of windows
even,. but do it smarter... idc, id never put ubuntu on a prod, OR
local box, It got me once with the APC mags promo about how cl ubu
is, then i found there is only about 100 bad binaries, you're almost
there now, only 30 or so to go! almost patched dude! the biggest laugh
is, your main binary which is simplest, is vulnerable to suid attack...
i guess some people would know this method, and know what i am talking
about.. if not bad luck.


Now, adding in a known MS flawed user... well, whats stopping it from
taking out lamest fucking os of year award... nothing. clean
management, and clean your 3rd party addons, then ill maybe consider
even using it partially again.
It sucks, simple, gimme user ax to your ubuntu, so i can rape it. thx :)





On 19 November 2011 18:14, root ro...@fibertel.com.ar wrote:
 On 11/18/2011 11:01 AM, Darren Martyn wrote:
 To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
 secure per se. It is designed to wean Windows users away from M$ and toward
 GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
 to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
 Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
 users.

 Bullshit, Ubuntu is designed (or at least, was designed) to be very
 secure, check all the stuff it comes by default:

 https://wiki.ubuntu.com/Security/Features

 Not even the default Debian kernel has all those features activated. If
 I'm wrong, why you see metasploit modules for Debian but not for Ubuntu?
 that's the reason.

 Recently some stupid people got into management (as always happens) and
 we have things like unity, the fucked up 24-bit ASLR in i386, and this
 guest account for retards.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
very good question, when i have seen bugs in sudo, which allow me to
gain root, using sudo su - , which is a feature but, if not protected
and you have a bad sudo binary (the sudo -g bug was about time i did
tests with the amazon sudo) .. i asked a friend also to do this test
and he also gained root thru a non sudo account, because BOTH binaries
are there i am still baffled with this, i try avoid sudo where i
can and, because sudo -g bug was nasty, i try use su - , which is a bit
better i *think* , but very good question,... id like to know this
reasons why too..



On 20 November 2011 06:36, Dan Kaminsky d...@doxpara.com wrote:
 What is the security differential between su and sudo bash?

 Sent from my iPhone

 On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.

 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) 
 and then the lack of perms on su; must use sudo.

 This is a distro that is newbie friendly but is not designed specifically 
 for them.

 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.

 Just my tuppence worth anyway.

 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread xD 0x41
Ok, what happens then if we have a bug in sudo binary, and the box has
both su and sudo binaries available... again, ill use sudo -g bug as
example. why are both needed, why not make one secure method to
have sudoers... this is one area on linux i never have liked.


On 20 November 2011 06:44,  ja...@zero-internet.org.uk wrote:
 Effective user id as a short answer; compare sudo whoami and su - whoami


 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Dan Kaminsky d...@doxpara.com
 Date: Sat, 19 Nov 2011 11:36:47
 To: ja...@zero-internet.org.ukja...@zero-internet.org.uk
 Cc: Johan Nestaasjohannest...@gmail.com; 
 full-disclosure-boun...@lists.grok.org.ukfull-disclosure-boun...@lists.grok.org.uk;
  Olivierfeui...@bibibox.fr; 
 full-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

 What is the security differential between su and sudo bash?

 Sent from my iPhone

 On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.

 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) 
 and then the lack of perms on su; must use sudo.

 This is a distro that is newbie friendly but is not designed specifically 
 for them.

 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.

 Just my tuppence worth anyway.

 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread xD 0x41
Already 2 conflicting answers, a bit of confusion i might say  this
is exactly why it should be ONE flippin binary.




On 20 November 2011 06:54, Dan Kaminsky d...@doxpara.com wrote:
 Er, sudo bash gives you /dev/kmem, access to the hard drive block device...

 Sent from my iPhone

 On Nov 19, 2011, at 11:44 AM, ja...@zero-internet.org.uk wrote:

 Effective user id as a short answer; compare sudo whoami and su - whoami


 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Dan Kaminsky d...@doxpara.com
 Date: Sat, 19 Nov 2011 11:36:47
 To: ja...@zero-internet.org.ukja...@zero-internet.org.uk
 Cc: Johan Nestaasjohannest...@gmail.com; 
 full-disclosure-boun...@lists.grok.org.ukfull-disclosure-boun...@lists.grok.org.uk;
  Olivierfeui...@bibibox.fr; 
 full-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

 What is the security differential between su and sudo bash?

 Sent from my iPhone

 On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.

 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) 
 and then the lack of perms on su; must use sudo.

 This is a distro that is newbie friendly but is not designed specifically 
 for them.

 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term 
 linuxers- though I ought to be included I guess, remember back all too 
 easily to when everything was an uphill struggle: what do you mean I don't 
 have to compile this as a flipping module? That's not freedom! Being all 
 too familiar.

 Just my tuppence worth anyway.

 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread xD 0x41
DESCRIPTION:
Ubuntu has issued an update for librsvg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the
library.


It just does not stop with ubuntu.. really, everyday i see another
problem lib etc... well, at least they're fixing it :s maybe in a cpl
years Ubuntu will be a bit nicer to use.. or, just go back a few
versions and harden... i found 2009 kernel of ubuntu very easy to
harden, yet newer ones, i would be worried to even attempt..
anyhow thats all i think i have on this topic.. its another wasted time
topic... MS has had this 'feature' for years...so why is it only
being picked out in ubuntu..
ohwell.. i guess the division of iso cds is a problem..and so much
magazine coverage where ubuntu developers themselves have spoken on
the ease of use... APC magazine likes ubuntu actually, but it also
classes it as newbie, nowadays the kernel is more 'buggy' tho.
rm -rf /current_devs
touch a_secure_launchpad_where_ALL_addons_pass_testers
thats all on this topic.. so lame... discussing one os, and then i
guess for what, unless kcope makes a post the list is frozen talking
crap... like this :s
you guys have told me to grow up, ill tell you guys, welcome to the 21st century.
XD

PS: pce Larry :) just used your email coz, it was about ONLY decent
one out of like 30 on that topic :P
hehe...take care m8!




On 18 November 2011 06:42, Larry W. Cashdollar b...@fbi.dhs.org wrote:
 imap? creating folders? etc.. =/

 Are there any other services this may affect?

 On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden 
 andrew_dow...@softdesign.net.nz wrote:

  On 18/11/11 23:46, Larry W. Cashdollar wrote:

 Anyone know what the default is for Ubuntu 11

 PermitEmptyPasswords no
 PasswordAuthentication no


 in /etc/ssh/sshd_config?

  for Ubuntu 11.10 (Oneiric)

 snip: ( from */etc/ssh/sshd_config* )
 --
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 --
 # Change to no to disable tunnelled clear text passwords
 #PasswordAuthentication yes
 --

 --
 SoftDesign Group, Dowden Software Associates
 P O Box 31 132, Lower Hutt 5040, NEW ZEALAND




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread root
You say there are at least 10 configuration mistakes specific to Ubuntu
that allow you to exploit it. Care to name one?

If you can't, maybe you can name another, more secure Linux distro in
which your 10 ways do not work.

Fedora does not count as it is unusable.

On 11/19/2011 06:18 PM, GloW - XD wrote:
 dude, you have GOT to be kidding.
 I can exploit Ubuntu 2011 server and client about 10 ways, and
 probably same with half this list, it is INDEED entry level, or, just
 stop handing it out on magazines with how to use ubuntu! Move to
 easy linux now! promos, and then your words have merit.
 
 



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread root
what you say, main binary of ubuntu is suid?

That's enough, I'm switching to freebsd now. Also, this email is sarcasm haha



On 11/19/2011 06:23 PM, GloW - XD wrote:
 Recently some stupid people got into management (as always happens)
 
 Oh here you're right, but you still can relent, just don't fucking use
 the os which sucks, i have learnt that this usually dictates how an os
 gets put together... or no take some lessons out of windows
 even,. but do it smarter... idc, id never put ubuntu on a prod, OR
 local box, It got me once with the APC mags promo about how cl ubu
 is, then i found there is only about 100 bad binaries, you're almost
 there now, only 30 or so to go! almost patched dude! the biggest laugh
 is, your main binary which is simplest, is vulnerable to suid attack...
 i guess some people would know this method, and know what i am talking
 about.. if not bad luck.
 



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread xD 0x41
I have said what I wanted to say... i will not disclose exploits on
fd... sorry
Just think of the MS issue, compared to Ubuntu user issue.. forget the rest :-)



On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
 what you say, main binary of ubuntu is suid?

 That's enough, I'm switching to freebsd now. Also, this email is sarcasm haha



 On 11/19/2011 06:23 PM, GloW - XD wrote:
 Recently some stupid people got into management (as always happens)

 Oh here you're right, but you still can relent, just don't fucking use
 the os which sucks, i have learnt that this usually dictates how an os
 gets put together... or no take some lessons out of windows
 even,. but do it smarter... idc, id never put ubuntu on a prod, OR
 local box, It got me once with the APC mags promo about how cl ubu
 is, then i found there is only about 100 bad binaries, you're almost
 there now, only 30 or so to go! almost patched dude! the biggest laugh
 is, your main binary which is simplest, is vulnerable to suid attack...
 i guess some people would know this method, and know what i am talking
 about.. if not bad luck.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Robert Kim App and Facebook Marketing
Ummm... any idea why remote SSH is not possible?!?!? o_O
kinna weird!

On Thu, Nov 17, 2011 at 4:23 AM, Olivier feui...@bibibox.fr wrote:

 Hi list,

 Unfortunately remote SSH connections are not allowed, I suggest guest
 account to be silently added in /etc/shadow for 12.04. It could be the
 best Ubuntu April fool ever.

 Maybe calibre could also be installed by default, for a root shell out
 of the box.



-- 
Robert Q Kim
Facebook Marketing Strategies and Web Consultant
http://sparkah.com/2010/08/25/facebook-marketing-strategies-from-nyc-and-los-angeles-most-devious-minds-2/
2611 S Coast Highway
San Diego, CA 92007
310 598 1606

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Dan Kaminsky
Blocking of unpassworded accounts in sshd_config, IIRC.

Sent from my iPhone

On Nov 19, 2011, at 7:35 PM, Robert Kim App and Facebook Marketing 
evdo.hs...@gmail.com wrote:

 Ummm... any idea why remote SSH is not possible?!?!? o_O
 kinna weird!
 
 On Thu, Nov 17, 2011 at 4:23 AM, Olivier feui...@bibibox.fr wrote:
 Hi list,
 
 Unfortunately remote SSH connections are not allowed, I suggest guest
 account to be silently added in /etc/shadow for 12.04. It could be the
 best Ubuntu April fool ever.
 
 Maybe calibre could also be installed by default, for a root shell out
 of the box.
 
 
 
 -- 
 Robert Q Kim
 Facebook Marketing Strategies and Web Consultant
 http://sparkah.com/2010/08/25/facebook-marketing-strategies-from-nyc-and-los-angeles-most-devious-minds-2/
 2611 S Coast Highway
 San Diego, CA 92007
 310 598 1606

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread Leon Kaiser
That's because you don't have any exploits to disclose. Everyone knows
this, you don't need to pretend that you do.

-- 

Leon Kaiser  - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
   http://gnaa.eu || http://security.goatse.fr
  7BEECD8D FCBED526 F7960173 459111CE F01F9923
The mask of anonymity is not intensely constructive.
   -- Andrew weev Auernheimer
 

On Sun, 2011-11-20 at 11:31 +1100, xD 0x41 wrote:

 I have said what I wanted to say... i will not disclose exploits on
 fd... sorry
 Just think of the MS issue, compared to Ubuntu user issue.. forget the rest :-)
 
 
 
 On 20 November 2011 11:23, root ro...@fibertel.com.ar wrote:
  what you say, main binary of ubuntu is suid?
 
  That's enough, I'm switching to freebsd now. Also, this email is sarcasm haha
 
 
 
  On 11/19/2011 06:23 PM, GloW - XD wrote:
  Recently some stupid people got into management (as always happens)
 
  Oh here you're right, but you still can relent, just don't fucking use
  the os which sucks, i have learnt that this usually dictates how an os
  gets put together... or no take some lessons out of windows
  even,. but do it smarter... idc, id never put ubuntu on a prod, OR
  local box, It got me once with the APC mags promo about how cl ubu
  is, then i found there is only about 100 bad binaries, you're almost
  there now, only 30 or so to go! almost patched dude! the biggest laugh
  is, your main binary which is simplest, is vulnerable to suid attack...
  i guess some people would know this method, and know what i am talking
  about.. if not bad luck.
 
 

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Tom Grace
On 17/11/11 18:14, valdis.kletni...@vt.edu wrote:
 The problem is that if you install Ubuntu on a server (as lots of people do)
 and enable ssh so you can remotely admin the server, you can find yourself shot
 in the foot if you don't realize there's a passwordless guest account.
PermitEmptyPasswords no

Is set by default in sshd_config

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
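
Added example, not part of any poster's message: a Python check of the point made in this thread that one sshd_config setting is what keeps an empty-password account from being usable over ssh. The shadow entries and function names are constructed for illustration; only the two keywords quoted in the thread are considered, so PAM policy and other authentication methods are out of scope.

```python
"""Added example: which sshd settings stand between an empty-password
account and a remote password login. All sample data is constructed."""

# OpenSSH built-in defaults for the two keywords quoted in the thread.
SSHD_DEFAULTS = {"permitemptypasswords": "no", "passwordauthentication": "yes"}

# The Ubuntu 11.10 sshd_config snippet quoted in the thread.
ONEIRIC_SNIPPET = """\
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
"""

# Constructed shadow-format sample: "guest" is a hypothetical entry with an
# empty password field, root and daemon are locked, alice has a fake hash.
SAMPLE_SHADOW = """\
root:!:15295:0:99999:7:::
daemon:*:15295:0:99999:7:::
alice:$6$constructedsalt$constructedhash:15295:0:99999:7:::
guest::15295:0:99999:7:::
"""


def effective_sshd_options(config_text):
    """Return the global value of each tracked keyword.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and a commented-out line leaves the default in force.
    Parsing stops at the first Match block, whose settings are conditional.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword in SSHD_DEFAULTS and len(parts) > 1:
            seen.setdefault(keyword, parts[1].lower())  # first value wins
    return {k: seen.get(k, default) for k, default in SSHD_DEFAULTS.items()}


def empty_password_accounts(shadow_text):
    """List accounts whose shadow password field is empty.

    "!" and "*" mark accounts that cannot log in with a password at all,
    so they are not reported.
    """
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names


def audit(config_text, shadow_text):
    """Report which of the two settings block empty-password ssh logins."""
    opts = effective_sshd_options(config_text)
    accounts = empty_password_accounts(shadow_text)
    barriers = []
    if opts["passwordauthentication"] != "yes":
        barriers.append("PasswordAuthentication")
    if opts["permitemptypasswords"] != "yes":
        barriers.append("PermitEmptyPasswords")
    return {
        "options": opts,
        "empty_password_accounts": accounts,
        "barriers": barriers,
        # Accounts left reachable by password auth once no barrier remains.
        "exposed": accounts if not barriers else [],
    }


if __name__ == "__main__":
    report = audit(ONEIRIC_SNIPPET, SAMPLE_SHADOW)
    print("effective options:", report["options"])
    print("empty-password accounts:", report["empty_password_accounts"])
    print("settings blocking them over ssh:", report["barriers"])
```

With the quoted snippet the commented-out PasswordAuthentication line leaves the default in force, so PermitEmptyPasswords is the only barrier the audit reports.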


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Olivier
On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
 Are there any other services this may affect?

The question could also be how many features like this are (will be?)
silently enabled by default on new Ubuntu systems.

Perfect for business use, Ubuntu is safe, intuitive and stable --
http://www.ubuntu.com/business

Ubuntu is clearly no more recommended for business use. End users will
have to become security experts to avoid teenager's attacks ... shameful


 On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
 andrew_dow...@softdesign.net.nz
 mailto:andrew_dow...@softdesign.net.nz wrote:
 
 On 18/11/11 23:46, Larry W. Cashdollar wrote:
 Anyone know what the default is for Ubuntu 11

 PermitEmptyPasswords no
 PasswordAuthentication no


 in /etc/ssh/sshd_config?
 for Ubuntu 11.10 (Oneiric)
 
 snip: ( from */etc/ssh/sshd_config* )
 --
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 --
 # Change to no to disable tunnelled clear text passwords
 #PasswordAuthentication yes
 --

-- 
Olivier



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread C de-Avillez
On 17/11/11 12:14, valdis.kletni...@vt.edu wrote:
 On Thu, 17 Nov 2011 18:50:12 +0100, Mario Vilas said:
 The guest account has no password, but it's not possible to login remotely
 with ssh.
 
 Well.. out of the box, anyhow.
 
 The problem is that if you install Ubuntu on a server (as lots of people do)
 and enable ssh so you can remotely admin the server, you can find yourself shot
 in the foot if you don't realize there's a passwordless guest account.

There is no guest account on an Ubuntu server, so at least there
this is not a real/perceived risk.

Cheers,




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Mario Vilas
Let's not overreact. We're talking about a guest account only on desktop
systems, for local login only, and perfectly visible to the user. The only
problem I see here is not having a simple GUI way to disable the guest
login for a non tech-savvy user, but no more. (Or am I missing something
here?)

On Thu, Nov 17, 2011 at 9:52 PM, Olivier feui...@bibibox.fr wrote:

 On 11/17/2011 08:34 PM, Ryan Dewhurst wrote:
  Are there any other services this may affect?

 The question could also be how many features like this are (will be?)
 silently enabled by default on new Ubuntu systems.

 Perfect for business use, Ubuntu is safe, intuitive and stable --
 http://www.ubuntu.com/business

 Ubuntu is clearly no more recommended for business use. End users will
 have to become security experts to avoid teenager's attacks ... shameful


  On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden
  andrew_dow...@softdesign.net.nz
  mailto:andrew_dow...@softdesign.net.nz wrote:
 
  On 18/11/11 23:46, Larry W. Cashdollar wrote:
  Anyone know what the default is for Ubuntu 11
 
  PermitEmptyPasswords no
  PasswordAuthentication no
 
 
  in /etc/ssh/sshd_config?
  for Ubuntu 11.10 (Oneiric)
 
  snip: ( from */etc/ssh/sshd_config* )
  --
  # To enable empty passwords, change to yes (NOT RECOMMENDED)
  PermitEmptyPasswords no
  --
  # Change to no to disable tunnelled clear text passwords
  #PasswordAuthentication yes
  --

 --
 Olivier





-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Valdis . Kletnieks
On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

 There is no guest account on an Ubuntu server, so at least there
 this is not a real/perceived risk.

And nobody's *ever* installed the desktop version on a server because they
didn't know any better, especially from Ubuntu's target audience.  Gotcha. ;)



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Valdis . Kletnieks
On Fri, 18 Nov 2011 12:24:36 +0100, Mario Vilas said:
 Let's not overreact. We're talking about a guest account only on desktop
 systems, for local login only, and perfectly visible to the user. The only
 problem I see here is not having a simple GUI way to disable the guest
 login for a non tech-savvy user, but no more. (Or am I missing something
 here?)

Given that Ubuntu is an African word for Can't configure Debian, and the
target audience of Ubuntu, the lack of the simple GUI is surprising...

(Yes, there's still one config setting saving your butt in sshd_config - but
for a distro that wraps a Teletubby interface around freaking /bin/su so you
don't accidentally hurt yourself, the fact that there's exactly one config file
setting saving your butt if you manage to enable inbound ssh seems a bit of an
oversight).




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Darren Martyn
To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
secure per se. It is designed to wean Windows users away from M$ and toward
GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
users.

Hell, a friend of mine, she was a self confessed computer illiterate and
when I moved her to Ubuntu a month later she was learning how to write
simple shell scripts to automate tasks - not bad for someone who couldn't
work XP's Control Panel for ages...

If you want secure as in, OUR version of secure, look elsewhere. One thing
I do like about Ubuntu though is it looks pretty :)

On Fri, Nov 18, 2011 at 1:04 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 18 Nov 2011 12:24:36 +0100, Mario Vilas said:
  Let's not overreact. We're talking about a guest account only on desktop
  systems, for local login only, and perfectly visible to the user. The only
  problem I see here is not having a simple GUI way to disable the guest
  login for a non tech-savvy user, but no more. (Or am I missing something
  here?)

 Given that Ubuntu is an African word for Can't configure Debian, and the
 target audience of Ubuntu, the lack of the simple GUI is surprising...

 (Yes, there's still one config setting saving your butt in sshd_config - but
 for a distro that wraps a Teletubby interface around freaking /bin/su so you
 don't accidentally hurt yourself, the fact that there's exactly one config file
 setting saving your butt if you manage to enable inbound ssh seems a bit of an
 oversight).






-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Dan Kaminsky
On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu wrote:

 On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

  There is no guest account on an Ubuntu server, so at least there
  this is not a real/perceived risk.

 And nobody's *ever* installed the desktop version on a server because they
 didn't know any better, especially from Ubuntu's target audience.  Gotcha. ;)


OK, seriously.  If you're sitting in front of a machine that's presenting
you a login prompt, you've got enough privileges to insert a bootable
USB/CD and pull all the data / make yourself an account (FDE/Bios PW
notwithstanding).




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Darren Martyn
About time someone mentioned that little bit of information...

On Fri, Nov 18, 2011 at 2:10 PM, Dan Kaminsky d...@doxpara.com wrote:



 On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu wrote:

 On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

  There is no guest account on an Ubuntu server, so at least there
  this is not a real/perceived risk.

 And nobody's *ever* installed the desktop version on a server because
 they didn't know any better, especially from Ubuntu's target audience.  Gotcha. ;)


 OK, seriously.  If you're sitting in front of a machine that's presenting
 you a login prompt, you've got enough privileges to insert a bootable
 USB/CD and pull all the data / make yourself an account (FDE/Bios PW
 notwithstanding).







-- 
My Homepage :D http://compsoc.nuigalway.ie/%7Einfodox

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Valdis . Kletnieks
On Fri, 18 Nov 2011 06:10:00 PST, Dan Kaminsky said:

 OK, seriously.  If you're sitting in front of a machine that's presenting
 you a login prompt, you've got enough privileges to insert a bootable
 USB/CD and pull all the data / make yourself an account (FDE/Bios PW
 notwithstanding).

Right.  Which is why a passwordless guest account available to people who have
physical access isn't such a big deal.  The problem is that if you manage to
get ssh enabled, there's not *that* much stopping the account from being used
from Zanzibar.

Some operating systems (AIX, for instance) allowed tagging a userid as local
access only, or even may only login on tty 3, 5, and 23.  Adding that sort
of a tag to the guest account would help the situation by adding some
security in depth.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Charles Morris
nice try though

On Fri, Nov 18, 2011 at 9:10 AM, Dan Kaminsky d...@doxpara.com wrote:


 On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu wrote:

 On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

  There is no guest account on an Ubuntu server, so at least there
  this is not a real/perceived risk.

 And nobody's *ever* installed the desktop version on a server because they
 didn't know any better, especially from Ubuntu's target audience.  Gotcha. ;)

 OK, seriously.  If you're sitting in front of a machine that's presenting
 you a login prompt, you've got enough privileges to insert a bootable
 USB/CD and pull all the data / make yourself an account (FDE/Bios PW
 notwithstanding).




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread xD 0x41
I think T is right about you mate, you do a hell of a lot of talking crap,
without actually moving.. like, do you ever move away from your inbox
?
You're a shame on linux world valdis, picking on ubuntu, go pick on Owl
OS , a 'security' based os...Ubuntu is for beginners, nuff said.
useless mofo.
XD



On 19 November 2011 00:04,  valdis.kletni...@vt.edu wrote:
 On Fri, 18 Nov 2011 12:24:36 +0100, Mario Vilas said:
 Let's not overreact. We're talking about a guest account only on desktop
 systems, for local login only, and perfectly visible to the user. The only
 problem I see here is not having a simple GUI way to disable the guest
 login for a non tech-savvy user, but no more. (Or am I missing something
 here?)

 Given that Ubuntu is an African word for Can't configure Debian, and the
 target audience of Ubuntu, the lack of the simple GUI is surprising...

 (Yes, there's still one config setting saving your butt in sshd_config - but
 for a distro that wraps a Teletubby interface around freaking /bin/su so you
 don't accidentally hurt yourself, the fact that there's exactly one config file
 setting saving your butt if you manage to enable inbound ssh seems a bit of an
 oversight).




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread Olivier
On 11/18/2011 03:10 PM, Dan Kaminsky wrote:
 
 
 On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu
 mailto:valdis.kletni...@vt.edu wrote:
 
 On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:
 
  There is no guest account on an Ubuntu server, so at least there
  this is not a real/perceived risk.
 
 And nobody's *ever* installed the desktop version on a server
 because they didn't know any better, especially from Ubuntu's target
 audience.  Gotcha. ;)
 
 
 OK, seriously.  If you're sitting in front of a machine that's
 presenting you a login prompt, you've got enough privileges to insert a
 bootable USB/CD and pull all the data / make yourself an account
 (FDE/Bios PW notwithstanding).

My disk is password protected, and the whole system (except /boot) is
encrypted. Ubuntu guest account is definitively the best way to hack a
running laptop (or workstation).

-- 
Olivier



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread GloW - XD
yea, I'd also like to see how on earth Valdis calls this some kinda new
'root' problem... i don't see any problem with this, specially on THIS
type of system.. intended to teach people how to use Linux.


On 19 November 2011 06:32, Olivier feui...@bibibox.fr wrote:
 On 11/18/2011 03:10 PM, Dan Kaminsky wrote:


 On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu
 mailto:valdis.kletni...@vt.edu wrote:

     On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

      There is no guest account on an Ubuntu server, so at least there
      this is not a real/perceived risk.

     And nobody's *ever* installed the desktop version on a server
     because they didn't
     know any better, especially from Ubuntu's target audience.  Gotcha. ;)


 OK, seriously.  If you're sitting in front of a machine that's
 presenting you a login prompt, you've got enough privileges to insert a
 bootable USB/CD and pull all the data / make yourself an account
 (FDE/Bios PW notwithstanding).

 My disk is password protected, and the whole system (except /boot) is
 encrypted. Ubuntu guest account is definitively the best way to hack a
 running laptop (or workstation).

 --
 Olivier



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread root
On 11/18/2011 11:01 AM, Darren Martyn wrote:
 To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
 secure per se. It is designed to wean Windows users away from M$ and toward
 GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
 to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
 Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
 users.

Bullshit, Ubuntu is designed (or at least, was designed) to be very
secure, check all the stuff it comes by default:

https://wiki.ubuntu.com/Security/Features

Not even the default Debian kernel has all those features activated. If
I'm wrong, why do you see metasploit modules for Debian but not for Ubuntu?
That's the reason.

Recently some stupid people got into management (as always happens) and
we have things like unity, the fucked up 24-bit ASLR in i386, and this
guest account for retards.




[Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Olivier
Hi list,

Backdoors in ubuntu are now called features :

https://answers.launchpad.net/ubuntu/+source/lightdm/+question/175756

Unfortunately remote SSH connections are not allowed, I suggest guest
account to be silently added in /etc/shadow for 12.04. It could be the
best Ubuntu April fool ever.

Maybe calibre could also be installed by default, for a root shell out
of the box.

-- 
Olivier



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Marcio B. Jr.
Welcome to Shuttleworth's real open software. #traceability


On Wed, Nov 16, 2011 at 4:23 PM, Olivier feui...@bibibox.fr wrote:
 Hi list,

 Backdoors in ubuntu are now called features :

 https://answers.launchpad.net/ubuntu/+source/lightdm/+question/175756

 Unfortunately remote SSH connections are not allowed, I suggest guest
 account to be silently added in /etc/shadow for 12.04. It could be the
 best Ubuntu April fool ever.

 Maybe calibre could also be installed by default, for a root shell out
 of the box.

 --
 Olivier







Marcio Barbado, Jr.



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Dave
On 16/11/2011 19:23, Olivier wrote:
 Hi list,
 
 Backdoors in ubuntu are now called features :
 
 https://answers.launchpad.net/ubuntu/+source/lightdm/+question/175756
 
 Unfortunately remote SSH connections are not allowed, I suggest guest account
 to be silently added in /etc/shadow for 12.04. It could be the
 best Ubuntu April fool ever.
 
 Maybe calibre could also be installed by default, for a root shell out of the
 box.
 


Hi,

What is the password for this guest account?
Is the password random generated?

Is remote access of any kind enabled by default for this guest account?

In what way is the guest account different from any of the half dozen or so
other accounts (with the obvious exception of access rights)
created during a default Ubuntu install?

How insecure is it really?

I am not an Ubuntu expert so these are genuine questions, I am far too busy to
research this at this time so I ask these questions in the hope
that an Ubuntu Guru comes forth and either allays all my/your/our fears (if they
exist) or scares me/us into action.

regards
Dave


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Mario Vilas
The guest account has no password, but it's not possible to login remotely
with ssh.

On Thu, Nov 17, 2011 at 5:28 PM, Dave m...@propergander.org.uk wrote:

 Hi,

 What is the password for this guest account?
 Is the password randomly generated?

 Is remote access of any kind enabled by default for this guest account?

 In what way is the guest account different from any of the half dozen or
 so other accounts (with the obvious exception of access rights)
 created during a default Ubuntu install?

 How insecure is it really?

 I am not an Ubuntu expert so these are genuine questions, I am far too busy
 to research this at this time so I ask these questions in the hope
 that an Ubuntu Guru comes forth and either allays all my/your/our fears (if
 they exist) or scares me/us into action.

 regards
 Dave




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Cody Robertson

On 11/17/2011 12:50 PM, Mario Vilas wrote:
The guest account has no password, but it's not possible to login 
remotely with ssh.


On Thu, Nov 17, 2011 at 5:28 PM, Dave m...@propergander.org.uk wrote:

Hi,

What is the password for this guest account?
Is the password randomly generated?

Is remote access of any kind enabled by default for this guest account?

In what way is the guest account different from any of the half dozen or so
other accounts (with the obvious exception of access rights)
created during a default Ubuntu install?

How insecure is it really?

I am not an Ubuntu expert so these are genuine questions, I am far too busy
to research this at this time so I ask these questions in the hope
that an Ubuntu Guru comes forth and either allays all my/your/our fears (if
they exist) or scares me/us into action.

regards
Dave




--
There's a reason we separate military and the police: one fights 
the enemy of the state, the other serves and protects the people. When 
the military becomes both, then the enemies of the state tend to 
become the people.






I haven't played with it but it appears they ship the guest account with 
an AppArmor profile to help lock down the session but it's just a normal 
user. I wonder even with the AppArmor stuff if the recent lightdm 
vulnerability would work.


http://www.ubuntu.com/usn/usn-1262-1/

-Cody

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Valdis . Kletnieks
On Thu, 17 Nov 2011 18:50:12 +0100, Mario Vilas said:
 The guest account has no password, but it's not possible to login remotely
 with ssh.

Well.. out of the box, anyhow.

The problem is that if you install Ubuntu on a server (as lots of people do)
and enable ssh so you can remotely admin the server, you can find yourself shot
in the foot if you don't realize there's a passwordless guest account.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread James Condron

On 17 Nov 2011, at 17:50, Mario Vilas wrote:

 The guest account has no password, but it's not possible to login remotely 
 with ssh.

That's because the sshd file doesn't allow passwordless logins by default. It is, of 
course, changeable.

 
 On Thu, Nov 17, 2011 at 5:28 PM, Dave m...@propergander.org.uk wrote:
 Hi,
 
 What is the password for this guest account?
 Is the password randomly generated?
 
 Is remote access of any kind enabled by default for this guest account?
 
 In what way is the guest account different from any of the half dozen or so 
 other accounts (with the obvious exception of access rights)
 created during a default Ubuntu install?
 
 How insecure is it really?
 
 I am not an Ubuntu expert so these are genuine questions, I am far too busy to 
 research this at this time so I ask these questions in the hope
 that an Ubuntu Guru comes forth and either allays all my/your/our fears (if 
 they exist) or scares me/us into action.
 
 regards
 Dave
 
 
 
 -- 
 “There's a reason we separate military and the police: one fights the enemy 
 of the state, the other serves and protects the people. When the military 
 becomes both, then the enemies of the state tend to become the people.”
 


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Larry W. Cashdollar

Anyone know what the default is for Ubuntu 11

PermitEmptyPasswords no
PasswordAuthentication no


in /etc/ssh/sshd_config?



 On Thu, 17 Nov 2011 18:50:12 +0100, Mario Vilas said:
 The guest account has no password, but it's not possible to login remotely
 with ssh.

 Well.. out of the box, anyhow.

 The problem is that if you install Ubuntu on a server (as lots of people do)
 and enable ssh so you can remotely admin the server, you can find yourself shot
 in the foot if you don't realize there's a passwordless guest account.



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Valdis . Kletnieks
On Fri, 18 Nov 2011 05:46:55 EST, Larry W. Cashdollar said:
 Anyone know what the default is for Ubuntu 11
 
 PermitEmptyPasswords no
 PasswordAuthentication no

Also, note that the value you get on a new install may be different from the
value you get if you originally installed Ubuntu 10 and then upgraded.




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Andrew N Dowden

On 18/11/11 23:46, Larry W. Cashdollar wrote:

Anyone know what the default is for Ubuntu 11

PermitEmptyPasswords no
PasswordAuthentication no


in /etc/ssh/sshd_config?

for Ubuntu 11.10 (Oneiric)

snip: ( from */etc/ssh/sshd_config* )
--
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
--
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
--

--
SoftDesign Group, Dowden Software Associates
P O Box 31 132, Lower Hutt 5040, NEW ZEALAND
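
The excerpt quoted in the message above, read the way sshd reads it, as an added example that is not part of the original thread: a commented-out keyword falls back to the OpenSSH built-in default, and the first uncommented occurrence wins. The function names, the constructed shadow-format lines and the account name "guest-demo" are assumptions for illustration; Match blocks are not evaluated.

```python
import re

# OpenSSH built-in defaults, used when a keyword is absent or only commented out.
DEFAULTS = {"permitemptypasswords": "no", "passwordauthentication": "yes"}

# The excerpt quoted in the message above (Ubuntu 11.10 /etc/ssh/sshd_config).
PAGE_SNIPPET = """\
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
"""

# Constructed shadow-format lines; "guest-demo" is a made-up account name.
SAMPLE_SHADOW = "root:!:15295:0:99999:7:::\nguest-demo::15295:0:99999:7:::\n"

def effective_global(config_text, keyword):
    """Global value sshd would apply: first uncommented occurrence wins."""
    key = keyword.lower()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # Match blocks are conditional; not evaluated here
        if parts[0].lower() == key and len(parts) == 2 and parts[1].split():
            return parts[1].split()[0].strip('"').lower()
    return DEFAULTS.get(key)

def empty_password_accounts(shadow_text):
    """Account names whose second (password) field is empty."""
    rows = (l.split(":") for l in shadow_text.splitlines())
    return [r[0] for r in rows if len(r) >= 2 and r[0] and r[1] == ""]

def audit(config_text, shadow_text):
    """Report both settings and the accounts reachable with an empty password."""
    pw = effective_global(config_text, "PasswordAuthentication")
    empty = effective_global(config_text, "PermitEmptyPasswords")
    risky = pw == "yes" and empty == "yes"
    return {"PasswordAuthentication": pw, "PermitEmptyPasswords": empty,
            "exposed": empty_password_accounts(shadow_text) if risky else []}

if __name__ == "__main__":
    print(audit(PAGE_SNIPPET, SAMPLE_SHADOW))
    print(audit(PAGE_SNIPPET.replace("Passwords no", "Passwords yes"), SAMPLE_SHADOW))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, including Match handling.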


Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Ryan Dewhurst
Are there any other services this may affect?

On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden 
andrew_dow...@softdesign.net.nz wrote:

  On 18/11/11 23:46, Larry W. Cashdollar wrote:

 Anyone know what the default is for Ubuntu 11

 PermitEmptyPasswords no
 PasswordAuthentication no


 in /etc/ssh/sshd_config?

  for Ubuntu 11.10 (Oneiric)

 snip: ( from */etc/ssh/sshd_config* )
 --
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 --
 # Change to no to disable tunnelled clear text passwords
 #PasswordAuthentication yes
 --

 --
 SoftDesign Group, Dowden Software Associates
 P O Box 31 132, Lower Hutt 5040, NEW ZEALAND



Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-17 Thread Larry W. Cashdollar
imap? creating folders? etc.. =/

 Are there any other services this may affect?

 On Thu, Nov 17, 2011 at 7:18 PM, Andrew N Dowden 
 andrew_dow...@softdesign.net.nz wrote:

  On 18/11/11 23:46, Larry W. Cashdollar wrote:

 Anyone know what the default is for Ubuntu 11

 PermitEmptyPasswords no
 PasswordAuthentication no


 in /etc/ssh/sshd_config?

  for Ubuntu 11.10 (Oneiric)

 snip: ( from */etc/ssh/sshd_config* )
 --
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 --
 # Change to no to disable tunnelled clear text passwords
 #PasswordAuthentication yes
 --

 --
 SoftDesign Group, Dowden Software Associates
 P O Box 31 132, Lower Hutt 5040, NEW ZEALAND

